Crypto trading bot provider 3Commas is currently on “heightened alert” following a security incident in which some user accounts were compromised, leading to unauthorized trades. The co-founder and CEO of 3Commas, Yuriy Sorokin, addressed the incident in a blog post on October 8th after receiving reports from users about unauthorized trades on their accounts following password resets. A subsequent investigation revealed that only a few customer accounts were compromised, although the exact number was not disclosed.
Sorokin assured users that the platform’s services were running normally and that they would continue to operate in a state of heightened alert while the investigation into the matter continues. According to 3Commas, most of the affected accounts did not have two-factor authentication (2FA) enabled. The compromised data did not include user API data or passwords.
In response to the incident, 3Commas has implemented additional security measures. API connections are now disabled whenever a user resets their password, and the company has introduced a new approach to password reset. The company also strongly recommends that users enable 2FA and regularly change their passwords to enhance security.
This is not the first security incident that 3Commas has faced. In December 2022, the company disclosed an incident where user API keys had been leaked, resulting in unauthorized trades on victim accounts. Initially, Sorokin and 3Commas denied that a breach had occurred, suggesting that their customers had fallen victim to phishing attempts. However, they later confirmed the API leak and admitted their mistake.
Following the API leak incident, affected users demanded refunds and an apology for being gaslighted by the company. Sorokin expressed regret regarding the recent incident and pledged to further improve security measures to prevent similar incidents in the future.
It is unclear at this time whether any funds were stolen as a result of the compromised accounts. 3Commas has yet to respond to requests for comment from Cointelegraph regarding the incident.
In conclusion, 3Commas, a popular crypto trading bot provider, is currently on high alert after experiencing a security breach that led to unauthorized trades on some user accounts. The company is conducting an investigation into the matter while assuring users that its services are running normally. They have implemented additional security measures and encourage users to enable 2FA and regularly change their passwords to enhance their account security. This incident follows a previous API key leak incident, which resulted in demands for refunds and an apology from affected users. 3Commas acknowledges the incident and promises to improve security to prevent such incidents from occurring again in the future.