Should you trust 3Commas with your coins? Users say NO!


  • 3Commas trading firm loses industry trust amid rampant API hacks and lack of accountability.
  • Affected users filed a report with the Estonian Police: “Unfortunately, the stolen 30 BTC and 270 000 USDT were my father’s life saving […] I live in Odesa, Ukraine, we are in a war […] We are in a very difficult situation.”
  • ZachXBT, the famous crypto detective, wonders how 3Commas is still in business. 

As the crypto drama involving FTX and SBF, another crypto culprit is on the rise – the beloved 3Commas. For close to a year now, 3Commas has been tied to data breaches through compromised API keys from the trading platform. Users are left frustrated more so by the lack of action from the crypto entity. An affected party told Cryptopolitan of his troubled ordeal with the platform – it’s one to gasp upon.

Security breaches have been a relentless threat to the crypto industry in recent years, leaving trails of disruptions and major financial losses. Several traders tied to 3Commas have had it worse. The informant states, “Everything went smoothly until it did not.  On Nov 13th of 2022, my account got washtraded, and in 8 minutes, 30BTC and 270 000 USDT were drained from my account on Binance.”

3Commas on the spot for customer data negligence

3Commas is a platform that allows users to connect multiple crypto exchange accounts, such as those held on Binance, to automated trading software. All of this is carried out using APIs (application programming interfaces), which are standardized procedures that allow various software components to connect with one another and complete activities. 

The idea is that humans do not have to do the difficult job of considering their trades. Instead, everything is done promptly and automatically using code. This is all good and profitable until the wrong people get access to the APIs. 

Hacks appear to be the order of the day at 3Commas. Data was verified late last year on X (previously Twitter) by Blockchain sleuth @ZachXBT. During that time, ZachXBT stated that he had confirmed 44 victims who had lost a total of $14.8 million due to API keys stolen from 3Commas.

A few days ago, 3Commas was hit again. In a blog post published on October 8th, 3Commas disclosed a security breach after multiple users reported unauthorized transactions on their accounts. According to Yuriy Sorokin, CEO of 3commas, the compromised accounts lacked two-factor authentication (2FA), allowing hackers unauthorized access to consumer account information.

ZachXBT, a crypto security expert, took to Twitter to express his dissatisfaction with 3Commas’s security practices, particularly in light of the exchange’s December 2022 security breach.

3Commas affected users won’t idly sit by and watch

Well, ZachXBT is not the only one who wonders how 3Commas is still in business. Following the 3Commas data breach, it is evident that users’ trust and confidence in the company have been shaken. Affected users, such as our informant, have taken steps to ensure 3Commas answers for its negligence

Are hacks prevalent in the crypto space space? Yes. Is it okay for the affected firms to sit by and not take action? No. Get this: the first time the hack situation at the firm came to light, the entity blamed it on the users who fell victim to phishing attacks. However, that was not the case.

One of the affected users hails from Ukraine. He tells Cryptopolitan that after he realized he was hacked, he reached out to Binance and 3Commas for help, to no avail: “I contacted both Binance and 3c immediately, but both did not help, and Binance did not freeze the account of the attacker.” Now, he has filed a report with Estonian police.

According to his report, Binance was aware of the situation, and nothing much was done. So, they have thought it best to take care of their coins themselves. This begs the question of trust for both entities.

Both 3Commas and Binance completely deflected the interaction, so I went to Twitter and found other victims; we made a telegram group and an Excel sheet in order to somehow organize the data and try to figure out what happened. I went to the Cybersecurity company CQR the next morning after the attack. They did forensics on all of my hardware, I was all clean, but neither Binance nor 3Commas  cared about it.

Affected User

Unlike Binance, who left their users high and dry, customers who were on Coinbase had their accounts insured and got compensated by Coinbase in a matter of 2 weeks, but all others are rekt. 

Unfortunately, the stolen 30 BTC and 270 000 USDT were my father’s life savings, and we had them on Binance because I live in Odesa, Ukraine, we are in a war, and even my bank where I had a safe deposit box got bombed.  We are in a very difficult situation.

Affected User

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Share link:

Florence Muchai

Florence is a crypto enthusiast and writer who loves to travel. As a digital nomad, she explores the transformative power of blockchain technology. Her writing reflects the limitless possibilities for humanity to connect and grow.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Sony Bank Launches Stablecoin Pilot Project on Polygon Blockchain
Subscribe to CryptoPolitan