Months after 3Commas denied having an API leak, the company finally admitted to the leak. The move has stirred victims of the breach to demand refunds for their lost money and also an apology for gaslighting by the company.
The 3Commas API breach victims are demanding compensation and an apology from the cryptocurrency trading platform for mishandling the entire situation.
A constant back and forth between 3Commas and alleged victims of illicit transactions emanating from their accounts has been going on for the last several months.
Strongly disputing any hack or breach that may have occurred, 3Commas and its CEO Yuriy Sorokin also ruled out an inside job by an employee gone rogue. Instead, the company said that any exposed API keys were the product of phishing attacks on users.
However, Sorokin ultimately acknowledged there had been a sizable API breach from the company on December 28 and confirmed the legitimacy of a database of API keys supplied by a hacker:
“We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”
“Since an inside job was always a possibility and was on our watch list, we did all we could to examine it, but there was no evidence of an inside job,” Sorokin said.
This unexpected disclosure has left the community perplexed, especially in light of the fact that 3Commas had on December 11 described customer allegations of a breach as “false rumors propagated by bad faith actors using faked proof.”
“Just a reminder: You have been blaming the hack’s victims for the past two months. When it comes out that 3Commas was the bad faith actor, lying, and fabricating evidence, you have falsely accused the victims of being ‘bad faith actors’ and of having ‘falsified evidence,’” commented Twitter user Pledditor.
CoinMamba, a well-known cryptocurrency trader, said on Twitter: “You continued lying and stating it was our fault instead of taking responsibility and stopping [sic] additional exploitation. Will you now provide the users with a refund?”
After tweeting about the API breach for weeks, blockchain sleuth ZachXBT commented, “Congrats you morons are what’s wrong with the space.”
The 3Commas tweet verifying the leak drew equally hostile comments, with turgut oztunc writing: “You are pretty hilarious folks. In the event that you don’t promptly retrieve our monies, we’ll see you in court.”