3Commas, a popular crypto trading bot provider, has taken proactive security measures following a recent incident where a limited number of user accounts were compromised.
Unauthorized trades were executed on these accounts after password resets, prompting 3Commas to investigate the matter.
Reviewing The Breach
In a blog post on October 8th, Yuriy Sorokin, co-founder, and CEO of 3Commas, acknowledged the reports they received regarding unauthorized trades carried out on users’ accounts. This suspicious activity occurred immediately after these account holders had reset their passwords.
Notice of Incident. We've identified a security incident that has come to our attention concerning the security of 3Commas accounts. 📚Learn more and stay secure:
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj— 3Commas (@3commas_io) October 8, 2023
Upon investigation, it was determined that only a small number of customer accounts had been compromised, although the exact number was not disclosed by 3Commas. Sorokin assured users that despite this incident, the platform’s services were operating normally, albeit with enhanced vigilance.
The compromised accounts were mostly those without two-factor authentication (2FA) enabled. Fortunately, the breach did not compromise sensitive information such as user API data or passwords.
New Security Measures Implemented By 3Commas
In response to this breach, 3Commas has introduced additional security protocols. These include a revamped approach to password resets and the automatic disabling of API connections following a password reset. Users are strongly encouraged to activate 2FA and regularly change their passwords.
Also Read: A Guide To AI Crypto Trading Bots: Benefits, Risks, And Choosing The Right One For You
A History of Security Issues
This is not the first time 3Commas has faced security challenges. In December 2022, the company disclosed a security incident that occurred in October of the same year. At that time, user API keys were leaked, resulting in unauthorized trades on affected accounts. Initially, 3Commas denied any breach and suggested phishing attempts were responsible. However, they later admitted to the API leak, leading to calls from affected users for refunds and an apology.
Commitment to Enhanced Security
Yuriy Sorokin expressed regret over the recent incident and emphasized the company’s commitment to improving security measures to prevent or mitigate similar occurrences in the future. Despite requests for comments, 3Commas had not responded to inquiries from Cointelegraph at the time of reporting.
Also Read: Top 3 AI Crypto Trading Bots To Boost Your Profits