An anonymous Twitter user has acquired around 1,00,000 application programming interface (API) keys belonging to users of the crypto trading service, 3Commas.

More than 10,000 of the keys were released by the leaker the rest “will be published full [sic] randomly in the upcoming days”, CoinDesk reported.

In a tweet on Thursday, 3Commas CEO Yuriy Sorokin confirmed the authenticity of the leak and said that “as an immediate action, we have asked that Binance, KuCoin, and other supported exchanges revoke all the [API] keys that were connected to 3Commas”.

Buy Me A Coffee

Sorokin also mentioned that he and his company “did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found”.

The leak follows claims made by dozens of 3Commas users that their API keys were used to perform trades on exchanges like Binance, KuCoin and Coinbase without their consent, the report said.

However, before 3Commas made its statement, Binance CEO Changpeng Zhao warned users that “if you have ever put an API key in 3Commas (from any exchange), please disable it immediately”.

Many 3Commas users confirmed to CoinDesk that they were able to locate their API keys among those that were released by the leaker.

CERT-In Finds Multiple Bugs in Node.js that Can Be Used to Obtain Sensitive Info