{"id":592928,"date":"2023-01-01T05:50:06","date_gmt":"2023-01-01T11:50:06","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/01\/crypto-platform-3commas-confirms-major-api-breach-fbi-to-investigate\/"},"modified":"2023-01-01T05:50:06","modified_gmt":"2023-01-01T11:50:06","slug":"crypto-platform-3commas-confirms-major-api-breach-fbi-to-investigate","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/01\/crypto-platform-3commas-confirms-major-api-breach-fbi-to-investigate\/","title":{"rendered":"Crypto platform 3Commas confirms major API breach, FBI to investigate"},"content":{"rendered":"<article aria-label=\"article\" data-id=\"hq87VhDK44qBFp26b2CrPo\">\n<header>\n<nav aria-label=\"Breadcrumbs\">\n<ol>\n<li>\n<a href=\"https:\/\/www.techradar.com\" aria-label=\"Return to Home\">Home<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/news\" aria-label=\"Return to News\">News<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/computing\" aria-label=\"Return to Computing\">Computing<\/a>\n<\/li>\n<\/ol>\n<\/nav>\n<\/header>\n<section>\n<div itemprop=\"image\" itemscope itemtype=\"https:\/\/schema.org\/ImageObject\">\n<div>\n<picture><source type=\"image\/webp\" alt=\"How to prevent cyberattacks\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj.jpg\"><source type=\"image\/jpeg\" alt=\"How to prevent cyberattacks\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj.jpg\"><img decoding=\"async\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj-320-80.jpg\" alt=\"How to prevent cyberattacks\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj.jpg\"><\/picture>\n<\/div>\n<p><meta itemprop=\"url\" content=\"https:\/\/cdn.mos.cms.futurecdn.net\/iufjXk4n4b6B6AMKRKRZWj.jpg\"><br \/>\n<meta itemprop=\"height\" content=\"600\"><br \/>\n<meta itemprop=\"width\" content=\"338\"><figcaption itemprop=\"caption description\">\n<span itemprop=\"copyrightHolder\">(Image credit: Unsplash)<\/span><br \/>\n<\/figcaption><\/div>\n<div id=\"article-body\">\n<p>Cryptocurrency trading platform 3Commas has confirmed it suffered a data breach that saw API data stolen.<\/p>\n<p>As per the announcement, an unknown threat actor posted 3Commas\u2019 API database to Pastebin, on December 28.\u00a0<\/p>\n<p>After analyzing the database, the company confirmed its authenticity, saying \u201cat this point, 3Commas can unfortunately confirm that some of 3Commas\u2019 users\u2019 API data (API keys, secrets and passphrases) have been disclosed by a third party\u201d.\u00a0<\/p>\n<h2 id=\"stolen-money\">Stolen money<\/h2>\n<p>While the leaks revolve around API data at the moment, 3Commas\u2019 does not exclude the possibility of other data being taken, as well: \u201cCurrently and to the best of our knowledge only API data have been disclosed as part of this incident. As a likely consequence the hacker(s) may use or may have used the API data to connect your exchange accounts to his\/their account and\/or initiate unauthorized trades,\u201d it says.<\/p>\n<p>In a notice sent to its users via email and a blog post, the company says it has made strides to protect its users and their funds, and reported the issue to relevant law enforcement agencies, including the FBI.\u00a0<\/p>\n<p>As per a <em>BleepingComputer<\/em> report, a set of 10,000 API keys were leaked, which is just 10% of the 100,000-big database. These keys are usually used by 3Commas bots to automatically interact with crypto exchange platforms, make trades and generate profit, without user interaction.<\/p>\n<p>Reacting to the news, 3Commas urged all supported exchanges (including some of the biggest ones &#8211; Binance, Coinbase, and Kucoin) to revoke all API keys connected to the platform. The company also urged all users to reissue their keys on all linked <a href=\"https:\/\/www.techradar.com\/news\/best-endpoint-security-software\" target=\"_blank\" rel=\"noopener\">endpoints<\/a><span> (opens in new tab)<\/span> personally.<\/p>\n<p>Investigating the leak further, the company eliminated the possibility of this being an inside job: \u201cOnly a small number of technical employees had access to the infrastructure, and we have taken steps since November 19 to remove their access,\u201d the company said in a Twitter post.\u00a0<\/p>\n<p>\u201cSince then, we have implemented new security measures, and we will not stop there; we are launching a full investigation in which law enforcement will be involved,\u201d the company added.<\/p>\n<p>But the damage has already been done. Apparently, threat actors have been abusing leaked API keys since November, and have managed to steal some $6 million worth of cryptocurrencies so far.\u00a0<\/p>\n<ul>\n<li>These are the <a href=\"https:\/\/www.techradar.com\/best\/firewall\" target=\"_blank\" rel=\"noopener\">best firewalls<\/a><span> (opens in new tab)<\/span> right now<\/li>\n<\/ul>\n<p>Via: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/crypto-platform-3commas-admits-hackers-stole-api-keys\/\" target=\"_blank\" data-url=\"https:\/\/www.bleepingcomputer.com\/news\/security\/crypto-platform-3commas-admits-hackers-stole-api-keys\/\" rel=\"noopener\">BleepingComputer<\/a><span> (opens in new tab)<\/span><\/p>\n<\/div>\n<div data-hydrate=\"true\" data-reactroot id=\"slice-container-newsletterForm-articleInbodyContent\">\n<section>\n<p>Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!<\/p>\n<\/section>\n<\/div>\n<div data-reactroot id=\"slice-container-authorBio\">\n<p>Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he\u2019s written for numerous media outlets, including Al Jazeera Balkans. He\u2019s also held several modules on content writing for Represent Communications.<\/p>\n<\/div>\n<\/section>\n<p><a href=\"https:\/\/www.techradar.com\/news\/crypto-platform-3commas-confirms-major-api-breach-fbi-to-investigate\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Diego Schroeder<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Home News Computing (Image credit: Unsplash) Cryptocurrency trading platform 3Commas has confirmed it suffered a data breach that saw API data stolen.As per the announcement, an unknown threat actor posted 3Commas\u2019 API database to Pastebin, on December 28.\u00a0After analyzing the database, the company confirmed its authenticity, saying \u201cat this point, 3Commas can unfortunately confirm that<\/p>\n","protected":false},"author":1,"featured_media":592929,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22791,23466,46],"tags":[],"class_list":{"0":"post-592928","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-crypto","8":"category-platform","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/592928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=592928"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/592928\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/592929"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=592928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=592928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=592928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}