Crypto trading firm 3Commas denied its employees' stolen user's API keys, claiming the screenshots circulating on social media are fake, and urged affected users to file a police report in order to stop withdrawals in exchanges.
In a blog post published on Dec. 11, 3Commas co-founder and CEO Yuriy Sorokin said that fake screenshots of Cloudflare logs are circulating on Twitter and YouTube "in an attempt to convince people that there was a vulnerability within 3Commas and that we were irresponsible enough to allow open access to user data and log files." The alleged screenshots intend to show how customer's API keys were exposed in 3Commas dashboard on Cloudflare.
A second blog post by Sorokin from Dec.10, encourages affected users to file a police report in order to get accounts frozen on exchanges. "The faster this is done, the faster exchanges can freeze the accounts of the perpetrators to stop funds from being withdrawn and increase the likelihood that some, or all, of the funds may be returned to victims."
As the majority of crypto exchanges follows know your customer standards, users are required to provide identity details to trade or withdraw funds. If affected users provided a police report, exchanges would be able to share this information with investigators, noted the company.
As reported by Cointelegraph, a crypto trader by the name of CoinMamba on Twitter had his account closed on Binance's platform after he complained about lost funds. The leaked API key is tied to a 3Commas account. Both the companies, Binance and 3Commas, deny any responsibility for the incident.
3Commas claims to have identified evidence of phishing attacks as a "contributory factor" for thefts. According to the company, the phishing attacks started in October, with bad actors trying different phishing techniques. Sorokin stated:
"Also, we have hard evidence that phishing was at least in some part a contributory factor; we published a blog article here showing many fake 3Commas websites that were created and some are still live on the internet, despite our best efforts to have them taken down."
Exchange API connections older than 90 days are being disabled by the company.