Binance CEO Changpeng Zhao said there were “widespread API key leaks” from trading bot platform 3Commas.
Speaking on Twitter, CZ said he was “reasonably confident” about these leaks.
Binance CEO Warns of Leak
A spokesperson for 3Commas confirmed the leak in a statement to The Block.
CZ used the following statements in his warning:
I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.
Stay #SAFU.
— CZ ? Binance (@cz_binance) December 28, 2022
“If you have put API key from any exchange on 3Commas, please deactivate it immediately”
API keys in 3Commas were previously used for unauthorized transactions in FTX. The platform team was alerted to the incident on October 20 that FTX API keys connected to the platform were used to perform unauthorized transactions.
3Commas said in a statement at the time that the API keys were not obtained from them, and that they were probably obtained in a phishing attack by a third party.
A spokesperson for 3Commas stated that the company saw a hacker message for the incident today and confirmed that the data that emerged was real.
A spokesperson for the platform said in an email to The Block:
“We have requested that Binance, Kucoin and other supported exchanges urgently revoke all keys tied to 3Commas. We regret that the situation has gone this far and we will continue to be transparent in our communications regarding the situation.”
The company also stated that they could not find any evidence that this incident was done “from the inside”.
“Only a small number of technical workers had access to the infrastructure and have taken action to remove access since November 16. Since then, we have implemented new security measures and we will not be limited to this. We are launching a full investigation involving law enforcement.”