1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Crypto platform 3Commas confirms major API breach, FBI to investi

    From TechnologyDaily@1337:1/100 to All on Fri Dec 30 20:15:03 2022
    Crypto platform 3Commas confirms major API breach, FBI to investigate

    Date:
    Fri, 30 Dec 2022 20:01:55 +0000

    Description:
    Ten thousand API keys were leaked, with more to come, the attackers say.

    FULL STORY ======================================================================

    Cryptocurrency trading platform 3Commas has confirmed it suffered a data breach that saw API data stolen.

    As per the announcement, an unknown threat actor posted 3Commas API database to Pastebin, on December 28.

    After analyzing the database, the company confirmed its authenticity, saying at this point, 3Commas can unfortunately confirm that some of 3Commas users API data (API keys, secrets and passphrases) have been disclosed by a third party. Stolen money

    While the leaks revolve around API data at the moment, 3Commas does not exclude the possibility of other data being taken, as well: Currently and to the best of our knowledge only API data have been disclosed as part of this incident. As a likely consequence the hacker(s) may use or may have used the API data to connect your exchange accounts to his/their account and/or initiate unauthorized trades, it says.

    In a notice sent to its users via email and a blog post, the company says it has made strides to protect its users and their funds, and reported the issue to relevant law enforcement agencies, including the FBI.

    As per a BleepingComputer report, a set of 10,000 API keys were leaked, which is just 10% of the 100,000-big database. These keys are usually used by 3Commas bots to automatically interact with crypto exchange platforms, make trades and generate profit, without user interaction.

    Reacting to the news, 3Commas urged all supported exchanges (including some
    of the biggest ones - Binance, Coinbase, and Kucoin) to revoke all API keys connected to the platform. The company also urged all users to reissue their keys on all linked endpoints personally. Read more

    Huge crypto exchange hack sees $600m stolen


    Binance says at least $100 million stolen in blockchain attack


    Check out the best ID theft protection solutions right now

    Investigating the leak further, the company eliminated the possibility of
    this being an inside job: Only a small number of technical employees had access to the infrastructure, and we have taken steps since November 19 to remove their access, the company said in a Twitter post.

    Since then, we have implemented new security measures, and we will not stop there; we are launching a full investigation in which law enforcement will be involved, the company added.

    But the damage has already been done. Apparently, threat actors have been abusing leaked API keys since November, and have managed to steal some $6 million worth of cryptocurrencies so far. These are the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/crypto-platform-3commas-confirms-major-api-brea ch-fbi-to-investigate


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)