The crypto sector, thriving in several parts of the world, was struck with several hack and scam attacks this year. Even a couple of days before the industrially quaky year of 2022 ends, news and warning around crypto crimes have made it to the headlines. This week, the private API keys of around 1,00,000 crypto users were leaked on public domains. The victims were all users of 3Commas, an Estonia-based crypto trading service. The incident added more stress to the already disturbed crypto sector that has drastically dropped down in valuation to a yearly low to $795 billion (roughly Rs. 65,87,830 crore).
3Commas lets users set up an automated feature that has bots initiate trades on third party exchanges like Binance, Coinbase, and KuCoin on behalf of the users.
An anonymous hacker, as confirmed by 3Commas, had been at work since October that reportedly resulted in a loss of user funds up to $12 million (roughly Rs. 100 crore) via unconsented transactions. These transactions were processed via 3Commas on exchanges like Binance and Coinbase.
Previously, the company was exploring if these unverified transactions were being triggered by phishing attacks.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
Several members of the crypto community, including Binance CEO Changpeng Zhao, shared awareness and safety suggestions for others.
I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.
Stay #SAFU.
— CZ :large_orange_diamond: Binance (@cz_binance) December 28, 2022
My strong recommendation for all @3commas_io leak victims is to hire the lawyer ASAP
Link to leakage belowhttps://t.co/QRstmpwumF
Best documented lawsuits would win and you will have a chance for compensation
— Dyma Budorin :flag-ua: (@buda_kyiv) December 28, 2022
The incident comes in the backdrop of crypto crimes gaining more and more pace around the world.
US’ Federal Bureau of Investigation (FBI) has warned crypto investors there about a new technique of ongoing scams — called the ‘pig butchering’. In these instances, scammers get potential victims to move their investments to cryptocurrency. Once their digital wallet ‘fattens’, these scammers hack and steal the funds.
“Be very careful when you go on social media and dating apps and somebody starts developing a relationship with you, and wants you to start investing. Don’t get butchered,” Bitcoin.com quoted Frank Fisher, public affairs specialist at the FBI’s Albuquerque division, as saying.
Back in November, the authorities in the US reportedly claimed to have identified and confiscated seven domain names that were exploited in pig butchering scams.
In a recent report, Chainalysis claimed that the month of October has been the worst in terms of crypto-related crimes. The crypto sector lost over $718 million (roughly Rs. 5,890 crore) owing to such crimes.
Back-to-back hack attacks on the digital assets sector contributed heavily to how the market turned-out to reach its current low valuation of $795 billion (roughly Rs. 65,87,830 crore).
Glassnode, in its latest report, has claimed that most Bitcoin holders have moved their holdings to self-custodial crypto wallets. Glassnode has estimated that around 550,000 Bitcoin worth $9.2 billion (roughly Rs. 76,760 crore) have left crypto exchanges.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2023 hub.