Over a dozen users of the crypto trading service 3Commas, which was backed by Sam Bankman-Fried’s Alameda Research, say the platform leaked their credentials and enabled attackers to run away with over $6 million in user funds. The platform’s CEO has called these allegations “false rumors,” stating that those who lost their funds have been phished – meaning they accidentally shared their credentials with an exploiter. But in an interview with CoinDesk on Monday, 3Commas Deputy Chief Technology Officer Artem Koltsov walked back the company’s unequivocal claim that every user who lost money was the victim of phishing or input-stealing. “The very disappointing thing here is that nothing can be told for sure,” said Koltsov. “We know that there is phishing out there. We know that anything could happen with those API keys. We’re not happy about it.” Neither side is able to prove its argument definitively: Just as 3Commas can’t state for certain that it was never the victim of a hack, its users can’t prove that they never accidentally shared their API keys. But amid all the confusion, conflicting statements from 3Commas have invited more questions than answers.
Full story : Alameda-Backed Crypto Trading Firm 3Commas Says It’s Pretty Sure It Wasn’t Breached.