Crypto trading bot provider 3Commas is on high alert following the compromise of a limited number of user accounts, which were then used for unauthorized trading activities.
3Commas co-founder and CEO Yuriy Sorokin addressed the issue in a blog post on October 8, revealing that they had received reports from users who had experienced unauthorized trades after resetting their passwords.
Investigation Reveals Scope of Breach
Although 3Commas did not disclose the precise number of affected users, an investigation determined that only a small number of customer accounts were compromised.
“We will continue with our investigation into this matter. Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”
In addition, most of the compromised accounts lacked two-factor authentication (2FA), according to the firm. Importantly, the accessed data did not include user API data or passwords.
3Commas Takes Action After Unauthorized Trading Incidents
As part of additional security measures, the firm has implemented a new procedure for resetting passwords and disabled API connections after a user resets their password.
This incident comes on the heels of a disclosure made by 3Commas in December 2022, concerning an October leak of user API keys that led to unauthorized trades on affected accounts. Initially, both Sorokin and 3Commas denied any breach, suggesting that customers had fallen victim to phishing attempts. However, they later admitted to the API leak.
3Commas’ Commitment to User Security
In response to the previous incident, affected users had called for refunds and an apology, leading Sorokin to say, “We regret that such an incident has taken place.” He also emphasized that the trading bot is actively enhancing its security measures to prevent or mitigate similar incidents in the future.
Lastly, for the trading bot users, the message is clear: vigilance and robust security practices are crucial in the cryptocurrency trading environment.