3Commas API leak victims demand refunds and apologies for ‘gaslighting’ users

Victims of the 3Commas API leak are asking for refunds and an apology from the crypto trading platform for being tricked throughout the ordeal.

Over the past few months, there has been a constant back and forth between 3Commas and alleged victims of unauthorized transactions emanating from their accounts.

3Commas and its CEO Yuriy Sorokin had strongly denied that there had been a hack or breach and refuted that there might have been an inside job of an employee gone rogue. Instead, it suggested that leaked APIs were the result of phishing by customers.

are you going to remove it? pic.twitter.com/BwbJkJy8oC

— Daniel Roberts (@readDanwrite) December 28, 2022

However, on Dec. 28, Sorokin finally admitted there had been a significant API leak from the company after confirming that a database of API keys shared by a hacker was legitimate.

“We have seen the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked Binance, Kucoin and other supported exchanges to revoke all keys associated with 3Commas.”

“We made every effort to investigate an inside job as it was always a possible scenario and was on our watch list, but no evidence of an inside job has been found,” Sorokin added.

The community is baffled by this startling admission, as 3Commas had previously labeled customer reports of a leak as “false rumors shared by bad faith actors using falsified evidence” on Dec. 11.

“As a reminder, for the past 2 months you have been blaming the victims of the hack. You’ve vilified the victims as “bad faith actors” and claimed they’re “falsifying evidence,” when it turns out that 3Commas were the ones who were the bad faith actors, lying and faking evidence,” Twitter user @Pledditor wrote.

Related: The data of 400 million Twitter users is reportedly for sale on the black market

While popular crypto trader CoinMamba tweeted that “you kept lying and saying this was our fault instead of taking responsibility and preventing [sic] further exploits. Are you going to refund the users now?”

“Congratulations, idiots are what’s wrong with space,” blockchain sleuth ZachXBT rang in, after posting about the API leak for weeks.

4/ 3Commas finally acknowledged the leak, but the damage was done. For weeks they have been blaming the users and not accepting any responsibility.

Make sure you never like incompetent clowns @3commas_io your business ever again. https://t.co/LyNvar7LST pic.twitter.com/RkS6ZgCZEN

— ZachXBT (@zachxbt) December 28, 2022

Reaction comments were just as aggressive on the 3Commas tweet confirming the leak, with user @turgut_oztunc noting that, “You guys are really funny guys. We shall see [you in] the court if you do not get our money back as soon as possible.”

This entire business should be held accountable and shut down immediately

— çгчpтåvэłî (@cryptaveli) December 28, 2022