FBI Investigating 3Commas Data Breach

The FBI is investigating the 3Commas data breach, CoinDesk has learned. The investigation comes after weeks of criticism from users of the Estonia-based crypto trading service, who say its CEO repeatedly brushed off warning signs that the platform had leaked user data.

This week, 100,000 Binance and KuCoin API keys linked to 3Commas were leaked by an anonymous person. On Thursday, two 3Commas users told CoinDesk that they were contacted by agents from the FBI’s Cincinnati Field Office in connection to the leak.

Over the last several months, dozens of 3Commas users found that the service had, without their consent, traded away funds on crypto exchanges they’d linked to it. Initially, 3Commas said that these users were most likely phished and insisted that the platform was safe.

The API database leaker insinuated that the 3Commas keys had been sold by someone from within the company, but 3Commas CEO Yuriy Sorokin said in a statement on Thursday that “3Commas stresses that it has found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data.”

“Since becoming aware of the suspicious activities taking place, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and also notify law enforcement authorities accordingly,” Sorokin said in the statement.

A 3Commas victim group, which has around 60 members, previously reached out to the U.S. Secret Service and other law enforcement agencies in an attempt to understand how their funds had gone missing. The group’s leader, Edmundo (Mundy) Pena, told CoinDesk that he has tallied the group’s losses at over $20 million.

The FBI and 3Commas did not immediately respond to CoinDesk’s requests for comment.