Following the hacking of some of its user accounts and the use of those accounts to execute unauthorized trades, cryptocurrency trading bot provider 3Commas is now on high alert. 3Commas co-founder and CEO Yuriy Sorokin wrote in a blog post on October 8 that the business had received information from customers concerning unauthorized trades occurring on their accounts after they had changed their passwords. Only a small number of client accounts were compromised, according to an inquiry, although 3Commas declined to say how many people were impacted.
According to 3Commas, the majority of the accounts with unauthorized trades did not have two-factor authentication (2FA) set up. User API data and passwords were not included in the data that was accessed. As extra security measures, the company changed how passwords are reset and stopped API connections once a user resets their password. Users should enable two-factor authentication and update their passwords frequently.
3Commas revealed a December 2022 issue in which user API keys had been exposed in October, resulting in unauthorized trades on victim accounts. At first, Sorokin and 3Commas claimed there had been no breach and instead asserted that some of their clients had been phished. Nevertheless, they eventually acknowledged that 3Commas had leaked an API. Users who were impacted by the API breach demanded refunds and an apology for gaslighting them. According to Sorokin, 3Commas is enhancing its security to stop or mitigate similar events in the future.