The FBI is purportedly investigating the data breach and subsequent financial losses affecting users of 3Commas, an Estonian-based crypto trading bot platform, CoinDesk reported, without naming its sources.
In late December, the 3Commas data breach made headlines after an anonymous Twitter user posted 10,000 API keys allegedly stolen from the crypto platform.
Although 3Commas denied it suffered any security issues in an initial statement, the company confirmed the breach in a tweet on Dec. 29, 2022.
“We have seen the hacker’s message and can confirm that the data in the files is true,” the tweet reads. “As an immediate action, we have requested that Binance, Kucoin and other supported exchanges revoke all keys that were connected to 3Commas.”
“Since then, we have implemented new security measures, and we will not stop there; we are launching a full investigation in which law enforcement will be involved,” the company added.
The threat actor who leaked the API keys also claimed that the 3Commas keys were sold by someone working within the company. 3Commas, however, denied the claims, insisting that “no evidence of an inside job was found.”
Unfortunately, users of the crypto trading platform have already lost over $20 million.
Crypto news recently revealed that approximately 60 users of 3Commas got together and urged police to intervene and investigate how their financial assets went missing.
“Since becoming aware of the supposed hacker’s Pastebin post, we have requested that Binance, KuCoin and other supported exchanges revoke all keys that were connected to 3Commas,” CEO Yuriy Sorokin said. “We strongly recommend every user to reissue an API key they have currently connected to an exchange.”