Anonymous Twitter User Leaks 3Commas API Database

The leak comes after 3Commas repeatedly told users that they had been “phished” after widespread hacks.

AccessTimeIconDec 28, 2022 at 7:53 p.m. UTC
Updated Dec 29, 2022 at 11:41 p.m. UTC

An anonymous Twitter user has obtained around 100,000 API keys belonging to users of the crypto trading service 3Commas. The leaker published more than 10,000 of the keys on Wednesday and says the rest “will be published full [sic] randomly in the upcoming days.”

3Commas CEO Yuriy Sorokin confirmed the authenticity of the leak in a tweet on Wednesday, adding that "as an immediate action, we have asked that Binance, KuCoin, and other supported exchanges revoke all the [API] keys that were connected to 3Commas."

The leak comes after dozens of users of 3Commas claimed that their API keys were used to execute trades on exchanges such as Binance, KuCoin and Coinbase without their consent. As CoinDesk previously reported, 3Commas confirmed that users lost at least $6 million to attackers starting in October, but that sum has at least doubled in recent weeks according to users who spoke to CoinDesk.

CoinDesk isn't linking to or naming the pseudonymous leaker's Twitter account because doing so could further expose sensitive private information.

3Commas initially told CoinDesk its users' losses resulted from phishing attacks, but those users – more than 50 of whom have organized themselves into Telegram chat groups – have insisted that their credentials must have been leaked by 3Commas or an exchange like Binance or Coinbase.

Wednesday's data dump is the clearest evidence yet that the credentials were leaked rather than phished. Multiple 3Commas users confirmed to CoinDesk that they were able to find their API keys among those that were shared by the leaker.

In his tweet, 3Commas' Sorokin noted that he and his company "did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found."

Before 3Commas made its statement, Binance CEO Changpeng Zhao cautioned users on Wednesday afternoon that "if you have ever put an API key in 3Commas (from any exchange), please disable it immediately."

3Commas allows users to set up trading bots that automatically execute trades on their behalf on third-party crypto exchanges. Those exchanges generate API keys, and users plug those keys into 3Commas in order to grant the app access to their accounts. The API keys included in this week’s leak were, according to the leaker, generated on Binance and KuCoin.

UPDATE (Dec. 28, 2020 20:13 UTC): Adds tweet from Binance CEO.

UPDATE (Dec. 28, 2020 21:08 UTC): Adds confirmation and statements from 3Commas, removes 'Alleged' from headline.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Sam Kessler

Sam is CoinDesk's deputy managing editor for tech and protocols. He reports on decentralized technology, infrastructure and governance. He owns ETH and BTC.