3Commas customers have been posting on social platforms for some time, saying that there may be a system vulnerability that could lead to the disclosure of his API key. This leads to unauthorized and unusual transactions in customers' trading center accounts in the vast majority of cases in order to sell and sell coins. So far, Commas has denied all the rumors, saying there was no invasion, but there is solid evidence that the company has taken on obligations for the first time on the password trading site.

How did it start?

The popular chain detective ZachXBT shares some hard evidence with him on his Twitter account. In the screenshot he shared with 343, 000 fans, some claimed to have won more than 100000 API keys leaked by 3Commas, which he finally shared with Zack.

Zack explained that he had checked the API key to verify the authenticity of this view, confirming to multiple people in a group of people whose 3Commas API key had been compromised that his key was actually in a database system that interconnected with Zach.

In a later tweet, Zack released a letter that the publishers called a "belated Christmas gift" in which they claimed that there was no leak. In turn, this kind of information content was sold to him by the relevant staff of the 3Commas team.

More worryingly, this person and these people claim to have more API keys. It is clear that they plan to publicly release an integrated database system with more than 100000 API keys. Grateful, they plan to delete all personal and ID information from the data sheet to protect everyone.

The 3-semicolon finally admitted to the leak

For the first time, the 3Commas team was responsible for data breaches because of the revelations provided by the ZachXBT process. Founder and CEO Yuri Sorokin acknowledged the authenticity of this view on Twitter. The CEO explained that they had been investigating the internal structure together, but were not sure that the leak was caused by an employee.

Interestingly, Sorokin explained that on Nov. 19, a small number of skilled workers who had access to this information were stripped of access restrictions, which means they learned about the leak at least a month ago. But 3Comms once again put pressure on users, reprimanding them for being deceived by phishing fraud and asking them to go to the trading center, and the problem has always been on its own.

3Commas finally admitted to the leak, but the harm had already been caused. For weeks, they have been reprimanding its customers and accepting zero obligations, "ZachXBT said. Promise not to give this kind of weak clown manHe said:The @ 3 semicolon _ io will never harm your project. "

It has been proposed that users and trading centers revoke all API keys transferred to the 3Commas platform. As for 3Commas, Sorokin said: "A new security measure has been implemented and it is not easy to be satisfied with the status quo; we are conducting an in-depth investigation involving inspection."