{"id":532163,"date":"2022-12-29T01:09:31","date_gmt":"2022-12-28T22:09:31","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/3commas-ceo-confirms-api-key-leak-following-warning-from-cz\/"},"modified":"2022-12-29T01:09:31","modified_gmt":"2022-12-28T22:09:31","slug":"3commas-ceo-confirms-api-key-leak-following-warning-from-cz","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/3commas-ceo-confirms-api-key-leak-following-warning-from-cz\/","title":{"rendered":"# 3Commas CEO confirms API key leak following warning from CZ"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_3Commas_CEO_confirms_API_key_leak_following_warning_from_CZ_%E2%80%9C\"><\/span>&#8221; 3Commas CEO confirms API key leak following warning from CZ &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTIvMGM3Y2I5MzMtYjU4OC00ZTBhLWI5MGQtYzMyMWRlNzNkMmQ1LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-02fa634a>Binance CEO Changpeng Zhao (CZ) warned his 8 million <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> followers on Dec. 28 that he is \u201creasonably sure\u201d that API key leaks are taking place at the cryptocurrency trade management platform.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I am reasonably sure there are wide spread API key leaks from 3Commas. 
If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.<\/p>\n<p>Stay <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/SAFU?src=hash&amp;ref_src=twsrc%5Etfw\">#SAFU<\/a>.<\/p>\n<p>\u2014 CZ  Binance (@cz_binance) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/cz_binance\/status\/1608182790540902407?ref_src=twsrc%5Etfw\">December 28, 2022<\/a><\/p><\/blockquote>\n<p>The disclosure by CZ followed an incident on Dec. 9, when Binance cancelled the account of a user who complained about losing funds a day earlier. That user claimed a leaked API key tied to 3Commas was used \u201cto make trades on low cap coins to push up the price to make profit.\u201d Binance declined to reimburse the user. CZ tweeted that the loss was unverifiable, and if the company made up for such losses \u201cwe will just be paying for users to lose their API keys.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Mamba, there is almost no way for us to be sure users didn\u2019t steal their own API keys. The trades were done using API keys you created. Otherwise we will just be paying for users to lose their API keys. Hope you understand.<\/p>\n<p>\u2014 CZ  Binance (@cz_binance) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/cz_binance\/status\/1601193403257344000?ref_src=twsrc%5Etfw\">December 9, 2022<\/a><\/p><\/blockquote>\n<p>On Dec. 11, 3Commas CEO Yuriy Sorokin claimed on the company blog that fake screenshots were circulating on Twitter and YouTube purporting to show the company had lax security and that employees were stealing API keys. 
Sorokin denied the allegations in an in-depth technical analysis of the images:<\/p>\n<blockquote><p>\u201cThe person who created the screenshots did a nice job with an HTML editor, but they made a few key mistakes that easily prove their claims are fake. We\u2019ll go through those point by point.\u201d <\/p><\/blockquote>\n<p>Security issues first arose at 3Commas in late October. At that time, the still-functional FTX exchange issued a security alert in response to reports from users of unauthorized trades of trading pairs with the DMG coin on FTX. 3Commas and FTX determined that hackers had created 3Commas accounts to perform the trades. However, according to the 3Commas blog, \u201cthe API keys were not taken from 3Commas but from outside of the 3Commas platform.\u201d<\/p>\n<p>In a subsequent blog post, Sorokin acknowledged that \u201cwe have hard evidence that phishing was at least in some part a contributory factor\u201d in user losses.<\/p>\n<p>In the meantime, a Twitter user has alleged that all of 3Commas&#8217; API keys have been leaked.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">PSA<\/p>\n<p>3Commas API leak has been published, if you haven&#8217;t already REMOVE YOUR API KEY <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/yEvrxyWBIq\">pic.twitter.com\/yEvrxyWBIq<\/a><\/p>\n<p>\u2014 db (@tier10k) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/tier10k\/status\/1608186096411725826?ref_src=twsrc%5Etfw\">December 28, 2022<\/a><\/p><\/blockquote>\n<p>Now, Sorokin has confirmed the leak, adding that no proof was found that the leak was an inside job.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1. 
Statement from 3Commas:<\/p>\n<p>We saw the hacker\u2019s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.<\/p>\n<p>\u2014 Yuriy Sorokin (@YS_3Commas) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/YS_3Commas\/status\/1608202390121111552?ref_src=twsrc%5Etfw\">December 28, 2022<\/a><\/p><\/blockquote>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" 
href=\"https:\/\/cointelegraph.com\/news\/3commas-ceo-confirms-api-key-leak-following-warning-from-cz\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; 3Commas CEO confirms API key leak following warning from CZ &#8220; Binance CEO Changpeng Zhao (CZ) warned his 8 million Twitter followers on Dec. 28 that he is \u201creasonably sure\u201d that API key leaks are taking place at the cryptocurrency trade management platform. I am reasonably sure there are wide spread API key leaks&#8230;<\/p>\n","protected":false},"author":1,"featured_media":532164,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2022-12\/0c7cb933-b588-4e0a-b90d-c321de73d2d5.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[75014,74882,117],"class_list":["post-532163","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-binance","tag-hacks","tag-business"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/532163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=532163"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/532163\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/532164"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-jso
n\/wp\/v2\/media?parent=532163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=532163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=532163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}