tldr; Change your API keys ASAP
​
I am an fool, and did not comply with up on altering API keys when 3commas notified me through e mail that they’ve been seeing an uptick in fraud. 3commas claims its all been phishing scams and never a breach with their system so I wasn’t in a rush. It is a full lie. They’ve been breached. I do know for a proven fact that I by no means accessed or entered my API keys outdoors their platform (I exploit distinctive keys for every third social gathering), and haven’t used that key since I first setup my account years in the past. Remember, my keys didn’t enable for withdrawals, so that is the place it will get fascinating.
The way in which the attacker did it was bought the favored cash for USD on CB professional, then purchased thousands and thousands of JASMY cash, dozens and dozens of occasions. It is a low quantity, low value, low liquidity coin. They’d challenge buys at $0.004 after which sells at $0.00385 (racking up hundreds in buying and selling charges as nicely). They should have been on the opposite aspect of these trades. As I am shopping for excessive and promoting low, they’re promoting excessive, and shopping for low. Every commerce web’d them about $1000 occasions dozens and dozens of trades. So though they could not withdrawal the funds, they may discover a low liquidity coin which they may basically management the buying and selling market and get cash out that manner.
I will file a police report, however not hopeful in any respect. If anybody else has recommendation, I am all ears on proceed subsequent.
What pisses me off extra is dropping the potential positive factors sooner or later. This wasn’t all my crypto, however was an enormous chunk of it. On the constructive aspect, being within the bear market, I should purchase again low-cost proper now.
This subreddit is a public forum. For your security, do not post personal information to a public forum, including your Coinbase account email. If you’re experiencing an issue with your Coinbase account, please [contact us](https://help.coinbase.com/en/contact-us.html) directly.
If you have a case number for your support request please respond to this message with that case number.
You should only trust [verified Coinbase staff](https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media.html). Please report any individual impersonating Coinbase staff to the moderators.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CoinBase) if you have any questions or concerns.*
Hey Throwaway150kmoney, sorry to hear your account was compromised! Please have your law enforcement agency email [email protected]:
https://help.coinbase.com/en/pro/other-topics/legal-policies/who-do-i-contact-for-a-subpoena-request-or-dispute-or-to-send-a-legal-document
Let us know if you have any questions at all!
So u left 145k on a cex?
I read a similar incident which happened to a guy on the B.US subreddit. His Zen ledger API was obtained and the hackers were able to do high volume trades in a low liquidity/low volume coin and on the other side make profits to shift the account value over. $125k~ or so was lost. JASMY coin makes sense now as it has tanked dramatically since its high in November 2021.
I do not know anything about Zen Ledger or 3commas. The only API I used was CoinTracker.
GL recuperating your portfolio.
Maybe you’ll learn a lesson. Crypto isn’t a speculative asset. It’s an alternate form of finance.
Cold wallet point blank…
[deleted]
I’m sorry for your loss, that’s horrible. Thanks for taking the time to post this. This is not a type of exploit I’ve heard of before and you may have saved others.
I wonder if CB or other authorities could reliably see who was in the other side of those trades. For such a low liquidity coin, you’d think it would be easy, though maybe hard to prove beyond a reasonable doubt
Anybody see any similar risks from read only API keys? I use a tax reporting company that requires them.
Sorry to hear this they are pretty shity at customer service And support
If you hear of any type of class action law sute ple let me know
Leave coinbase they’ve gone ???? shit.
lol
Good job, you probably just funded terrorism
So you lost 145k from the fees and them driving down the price of JASMY? They weren’t able to withdraw your coins only manipulate a low volume coin correct?
WOW, forget about those trash projects. They’re useless. Try something stable and verified like Byepix. it is a perfect start in the world of crypto. join!
Clearly you have a gambling problem.
Strange coincidence but I remember getting a notification of massive jasmy trades happening on cb.