Unprecedented User Account Compromises
3Commas, a prominent crypto trading bot provider, has increased its security alert level in response to recent unauthorized access and trading activity observed on some user accounts. According to an announcement from CEO Yuriy Sorokin, several users reported unauthorized trades following password resets, prompting an immediate investigation by the firm.
Notice of Incident. We've identified a security incident that has come to our attention concerning the security of 3Commas accounts. 📚Learn more and stay secure:
— 3Commas (@3commas_io) October 8, 2023
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj
Limited Compromises But Security Tightened
Though only a few accounts were compromised, 3Commas is taking the matter seriously and has initiated further investigations to understand the full extent and nature of the breaches. During this heightened security period, the company assures that services will continue running normally. The investigation revealed that most of the compromised accounts had not activated two-factor authentication (2FA).
Proactive Measures and Past Security Incidents
To enhance security, 3Commas introduced new protocols for password resetting and has temporarily disabled API connections following password resets. The company strongly recommends users enable 2FA and routinely change passwords as precautionary measures. This security incident follows a previous breach in October 2022, in which user API keys were inadvertently leaked, resulting in unauthorized trading activities.
