Crypto Trading Bot Provider 3Commas Enhances Security After User Account Breach

Crypto trading bot provider 3Commas is on high alert following the compromise of a limited number of user accounts, which were then used for unauthorized trading activities.

3Commas co-founder and CEO Yuriy Sorokin addressed the issue in a blog post on October 8, revealing that they had received reports from users who had experienced unauthorized trades after resetting their passwords.

Investigation Reveals Scope of Breach

Although 3Commas did not disclose the precise number of affected users, an investigation determined that only a small number of customer accounts were compromised.

Notice of Incident. We've identified a security incident that has come to our attention concerning the security of 3Commas accounts. 📚Learn more and stay secure:
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj
— 3Commas (@3commas_io) October 8, 2023

Sorokin stated,

“We will continue with our investigation into this matter. Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”

In addition, most of the compromised accounts lacked two-factor authentication (2FA), according to the firm. Importantly, the accessed data did not include user API data or passwords.

3Commas Takes Action After Unauthorized Trading Incidents

As part of additional security measures, the firm has implemented a new procedure for resetting passwords and disabled API connections after a user resets their password.

I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.

Stay #SAFU.
— CZ 🔶 BNB (@cz_binance) December 28, 2022

This incident comes on the heels of a disclosure made by 3Commas in December 2022, concerning an October leak of user API keys that led to unauthorized trades on affected accounts. Initially, both Sorokin and 3Commas denied any breach, suggesting that customers had fallen victim to phishing attempts. However, they later admitted to the API leak.

3Commas’ Commitment to User Security

In response to the previous incident, affected users had called for refunds and an apology, leading Sorokin to say, “We regret that such an incident has taken place.” He also emphasized that the trading bot is actively enhancing its security measures to prevent or mitigate similar incidents in the future.

Lastly, for the trading bot users, the message is clear: vigilance and robust security practices are crucial in the cryptocurrency trading environment.

Friend.tech Introduces Enhanced Security Measures Following SIM-Swap Attack Incidents

Ethereum Swaps 1,700 ETH for 2.738 Million USDC on Uniswap