Yesterday, an anonymous Twitter user shared a set of 10,000 API keys reportedly obtained from the cryptocurrency trading platform 3Commas. These keys are used by 3Commas bots to interact with cryptocurrency trading exchanges and perform automated investment and trading actions on behalf of customers.
The Twitter user claimed to hold 100,000 API keys and plans to publish them in the following days. 3Commas has confirmed that the files contain valid API keys and is urging all supported exchanges, including Coinbase, Kucoin, and Binance, to revoke all keys connected to 3Commas. The company has investigated the possibility of an inside job but found no evidence. However, some users have already lost funds after unauthorized trades were made from their accounts.
Despite earlier reports of unauthorized transactions, 3Commas denied any compromise until December 10, when they acknowledged the leak. The company has not yet made any statement about compensation for affected users.