The cryptocurrency trading company 3Commas has denied that its employees stole users’ API keys, claiming that screenshots making the rounds on social media are fake, and has urged those affected to contact the police to prevent the thieves from stealing their money.
A fake screenshot of a Cloudflare log is making the rounds on Twitter and YouTube, according to 3Commas co-founder and CEO Yuriy Sorokin, who wrote about it in a blog post on December 11. He claimed that this is done “in an effort to convince people that there was a vulnerability within 3Commas and that we were irresponsible enough to allow open access to user data and log files.”
The screenshots purport to show how the 3Commas dashboard on Cloudflare exposed customers’ API keys.
3Commas asks users to file a police report
On December 10, Sorokin urged affected users to file a police report to have their exchange accounts frozen. This was stated in another blog post.
“The quicker this is done, the faster exchanges can freeze the perpetrators’ accounts to prevent money from being withdrawn and raise the possibility that some, or all, of the money, may be returned to victims,” the statement reads.
Users are required to provide identity information in order to trade or withdraw money because the majority of cryptocurrency exchanges adhere to Know Your Customer standards. Exchanges would be able to provide investigators with information about affected users’ police reports, the company said.
According to 3Commas, it has identified evidence that phishing attacks were a “contributory factor” in the thefts. The company claims that malicious actors began phishing attacks in October and experimented with various methods. Sorokin said:
“Also, we have hard evidence that phishing was at least in some part a contributory factor; we published a blog article here showing many fake 3Commas websites that were created and some are still live on the internet, despite our best efforts to have them taken down.”
Overall, Sorokin concluded in the blog that the fake images were the result of considerable effort on the part of the bad actors. An unprecedented information attack has occurred. However, it would be absurd to take seriously any “security reports” that rely on this kind of “proof”.