- 3Commas’ API key leaks exposed more people to losing money.
- Binance to block the app from the exchange if they don’t effectively prevent it.
More users are losing money after API keys of third-party apps like 3Commas were leaked. A recent case involving Twitter user CoinMamba has prompted Binance to consider blocking 3Commas‘ access to its platform if the company doesn’t put a stop to API leaks.
We just discussed this internally. We may block all 3Comma access if they don’t have good ways to fix API key leaks in their side.
— CZ 🔶 Binance (@cz_binance) December 9, 2022
Binance believed that the user wasn’t entitled to compensation after disclosing his private API (Application Programming Interface) keys.
3Commas API key leaks and cases aren’t new, but the increasing cases should alarm anyone using its automated trading platform on Binance or any other exchange.
Binance and 3Commas at loggerheads
In November, Binance CEO Changpeng Zhao (CZ) cautioned users about deleting unused API keys and asked them to be careful when using Skyrex and 3Commas.
We seen at least 3 cases of users who shared their API key with 3rd party platforms (Skyrex and 3commas), and seen unexpected trading on their accounts. If you used such a platform before, I highly recommend you to delete your API keys just to be safe. 🙏
— CZ 🔶 Binance (@cz_binance) November 14, 2022
During the same period, 3Commas stated that they were also fighting phishing attacks that affected users of other exchanges. In particular, users of the now-bankrupt FTX exchange lost over $6 million due to phishing attacks, but the exchange compensated them.
However, Binance claimed that it was API key leaks on the part of 3Commas and not necessarily phishing attacks. However, Yuriy Sorokin, founder, and CEO of 3Commas claimed that they were phishing attacks that could hit anyone, including Binance.
In fact, he portrayed CZ’s stance as FUD against 3Commas to take it over and said he was ready to offer Binance the equity stake left behind by Alameda Research. Bankrupt Alameda Research had invested $3 million in 3Commas.
Although user CoinMamba himself was to blame for not deleting his API keys, the companies’ reaction wasn’t impressive either. Binance has since restricted CoinMamba’s account to withdrawal mode only, citing the user’s threat to Binance’s customer service.
Yeap, @cz_binance just closed my Binance account because of my tweets. Not sure what to say. This is unacceptable and I’m sure most of you will agree with me on this..
— CoinMamba (@coinmamba) December 9, 2022
Stay safe and protect your funds
CZ further stated that they have internally agreed to block 3Commas’ access if it doesn’t stop API key leaking.
Binance’s proposal to block 3Commas’ access might prevent further losses, but users need to be more careful with API keys. Be extra vigilant with third-party apps that you allow to interact with your trades.