FBI Investigating 3Commas Data Breach
This week, an anonymous person leaked 100,000 API keys connected to the crypto trading service.
The FBI is investigating the 3Commas data breach, CoinDesk has learned. The investigation comes after weeks of criticism from users of the Estonia-based crypto trading service, who say its CEO repeatedly brushed off warning signs that the platform had leaked user data.
This week, 100,000 Binance and KuCoin API keys linked to 3Commas were leaked by an anonymous person. On Thursday, two 3Commas users told CoinDesk that they were contacted by agents from the FBI’s Cincinnati Field Office in connection to the leak.
Over the last several months, dozens of 3Commas users found that the service had, without their consent, traded away funds on crypto exchanges they’d linked to it. Initially, 3Commas said that these users were most likely phished and insisted that the platform was safe.
The API database leaker insinuated that the 3Commas keys had been sold by someone from within the company, but 3Commas CEO Yuriy Sorokin said in a statement on Thursday that “3Commas stresses that it has found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data.”
“Since becoming aware of the suspicious activities taking place, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and also notify law enforcement authorities accordingly,” Sorokin said in the statement.
A 3Commas victim group, which has around 60 members, previously reached out to the U.S. Secret Service and other law enforcement agencies in an attempt to understand how their funds had gone missing. The group’s leader, Edmundo (Mundy) Pena, told CoinDesk that he has tallied the group’s losses at over $20 million.
The FBI and 3Commas did not immediately respond to CoinDesk’s requests for comment.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.