Provider Of Cryptocurrency Trading Bots, 3Commas, Discloses Unauthorised Trades On User Accounts

Cointelegraph reports that 3Commas, a provider of cryptocurrency trading bots, is on high alert after several user accounts were compromised and used to execute unauthorised transactions. Yuriy Sorokin, co-founder and CEO of 3Commas, stated in a blog post dated October 8 that the organisation had received user reports of unauthorised transactions on their accounts subsequent to password resets. Although a limited number of customer accounts were compromised, as determined by an investigation, 3Commas refrained from disclosing the precise count of affected users.

According to 3Commas, the majority of accounts that engaged in unauthorised transactions did not have two-factor authentication (2FA) enabled. The accessed information was devoid of any user API data or credentials. In order to enhance security protocols, the organisation instituted a novel method for password resets and disabled API connections subsequent to a user's password reset. It is advisable that users implement two-factor authentication and alter their passwords on a regular basis.

October 2022 saw the disclosure by 3Commas of an incident involving the leakage of user API keys, which enabled unauthorised transactions on victim accounts. Initially, Sorokin and 3Commas denied the existence of a breach and proposed that their clients had been duped via phishing. They later acknowledged, however, that an API leak had occurred on the part of 3Commas. In response to the API breach, affected users demanded refunds and an apology for being gaslighted. Sorokin stated that 3Commas is enhancing its security in an effort to limit or prevent recurrences of similar incidents.