3Commas on High Alert After Security Breach Leads to Unauthorized Trades

Crypto trading bot service 3Commas has heightened its security protocols following unauthorized trading activities on a select number of user accounts. The company took immediate action after receiving reports from users about unauthorized trades that occurred shortly after their account passwords had been reset. The firm announced the incident via a tweet on X.

According to Yuriy Sorokin, the CEO of 3Commas, a “security incident” presumably led to “unauthorized access to customer account data.” Sorokin emphasized that, to the best of the company’s current understanding, only a “few customer accounts” experienced password resets and “alleged unauthorized trades.”

The compromised accounts were mainly those that had not enabled two-factor authentication (2FA). The company clarified that the data accessed did not include API secret data or account passwords. In response, 3Commas has altered its approach to password resets and has deployed additional functionality to disable all API connections after a password reset, providing an extra layer of security.

The company also issued a set of recommendations for users to further secure their accounts, including enabling 2FA and changing passwords regularly. Sorokin added that the firm understands the importance of user trust and deeply regrets the incident. He assured that 3Commas is committed to continuously improving its security measures to prevent or limit similar future incidents.

3Commas has also carried out an internal investigation to eliminate the possibility of an inside job but found no supporting evidence. The firm is also collaborating with law enforcement for a comprehensive investigation into these security lapses. While 3Commas assured its user base that services are operational, it remains on high alert to secure user data and assets.

This isn’t the first security hiccup for 3Commas. In December 2022, the firm revealed an incident from the preceding October where user API keys were leaked, resulting in unauthorized trades. Initially, the company and its CEO denied any security breach, suggesting that the affected customers had been victims of phishing attacks.

Yuriy Sorokin later admitted the API leak, stating:

“We regret that such an incident has taken place. We are committed to enhancing our security protocols to prevent similar occurrences in the future.”

Users impacted by the API leak had demanded refunds and an apology for being misled. The company has also liaised with exchanges like Binance and KuCoin, urging them to revoke all compromised API keys.
