3commas data breach overview:
- Who: The Federal Bureau of Investigations is investigating an apparent data breach against Estonia-based crypto trading service 3commas.
- Why: An anonymous Twitter user leaked more than 10,000 API keys belonging to 3commas users this week, while the leaker reportedly has a total of 100,000 API keys that they say they will be releasing at random in the coming days.
- Where: 3commas is used by crypto traders nationwide.
The Federal Bureau of Investigations is investigating an apparent data breach of 3commas in the wake of an anonymous Twitter user leaking more than 10,000 API keys belonging to the crypto trading service’s users earlier this week.
The anonymous Twitter user reportedly has 100,000 API keys in total, with the leaker saying that they would be leaking the rest at random in the coming days, reports CoinDesk.
The leak reportedly follows weeks of criticism from 3commas users who argued that the CEO of the Estonia-based crypto trading service had been ignoring warning signs that the platform had suffered a data breach.
Dozens of 3commas users had previously complained that the service had, without consent, traded away funds on crypto platforms they were linked to, while 3commas held that the actions were most likely due to phishing, reports CoinDesk.
3commas reportedly maintained that the platform itself was safe, while the leaker of the API keys has now hinted that the stolen information was sold by someone from within 3commas itself.
3commas says no evidence data breach was caused by any of its employees
Yuriy Sorokin, CEO of 3commas, released a statement on Thursday stressing that it had found no evidence any of its employees were responsible for the apparent data breach and leak of the API keys.
“Since becoming aware of the suspicious activities taking place, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and also notify law enforcement authorities accordingly,” Sorokin said.
3commas allows its users to—by using API keys — create trading bots that can be used to automatically execute crypto trades on the users’ behalf on third-party crypto exchanges they are connected to, reports CoinDesk.
In September, crypto trading company Wintermuse announced that it had suffered a data breach that resulted in $160 million worth of digital currency being stolen.
Have you been impacted by a data breach? Let us know in the comments!
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
Washington residents: Did you receive a ‘refer a friend’ text for Capital One, Venmo, Tesla, Coinbase, or another company?
September 23, 2025 | Legal News
5 thoughts onFBI investigates 3commas data breach
FRAUD CRYPTO
I fell for a scam broker, and lost a lot of money up to $150,000. I searched for a way to retrieve my lost money back and I got a recommendation of Expert Bernie Doran. Their expertise and professionalism in navigating the complex process were truly commendable. I have been able to recover all my lost crypto/funds and made $10,000 – $20,000 profits not just by buying the dip but implementing trades with signals supplied by Expert Mr Bernie Doran, I am glad I was able to recover my lost funds successfully . He can be reached on TELEGRAM – IEBINARYFX or Gmail Berniedoransignals @ gmail. com
I also lost $76,200 USDT and $8,000 BTC due to 3Commas exploit. I contacted both exchange. I really need to know what to do next and how to handle this. I opened a poice report following day. All fraudulent trades were on Dec 13th 2022. Please help me.
I’m a victim of this data breach. My lost is over 47 000 $ US dollars. Unauthorized trades have been made on my Binance spot account via my 3Commas API key.
Hello Gilles I too am a victim of the 3Commas API breach. My loss stands at $32,000. Of course I’m seeking reimbursement by 3Commas but rather than appointing a lawyer on my own I’m hoping to join others in a class action. Have you engaged a lawyer?
Have u contacted any lawyer, were ubable to recover funds