Provider Of Cryptocurrency Trading Bots, 3Commas, Discloses Unauthorised Trades On User Accounts
Certain user accounts of the cryptocurrency trading bot provider 3Commas were compromised and used for unauthorised transactions during two separate security incidents in October 2022 and October 2023. The breaches were initially attributed to phishing and weak passwords, but the company later acknowledged that it had leaked user API keys during the initial incident.

Cointelegraph reports that 3Commas, a provider of cryptocurrency trading bots, is on high alert after several user accounts were compromised and used to execute unauthorised transactions. Yuriy Sorokin, co-founder and CEO of 3Commas, stated in a blog post dated October 8 that the organisation had received user reports of unauthorised transactions on their accounts following password resets. An investigation determined that a limited number of customer accounts were compromised, but 3Commas did not disclose the exact number of affected users.
According to 3Commas, the majority of accounts that engaged in unauthorised transactions did not have two-factor authentication (2FA) enabled. The information accessed did not include any user API data or credentials. To strengthen its security, the organisation introduced a new method for password resets and now disables API connections after a user's password reset. Users are advised to enable two-factor authentication and change their passwords regularly.
In October 2022, 3Commas disclosed an incident in which user API keys were leaked, enabling unauthorised transactions on victim accounts. Initially, Sorokin and 3Commas denied that a breach had occurred and suggested that their clients had been duped via phishing. They later acknowledged, however, that the API leak had occurred on 3Commas' side. In response to the API breach, affected users demanded refunds and an apology for being gaslighted. Sorokin stated that 3Commas is enhancing its security in an effort to limit or prevent recurrences of similar incidents.