Crypto trading bot provider 3Commas has heightened its vigilance following security breaches that affected some user accounts, leading to unauthorized trades being executed.
In a blog post dated October 8th, Yuriy Sorokin, co-founder and CEO of 3Commas, acknowledged reports from users who had experienced unauthorized trading activities after resetting their passwords. The investigation into the matter revealed that only a small number of customer accounts had been compromised, though the exact number of affected users was not disclosed.
Sorokin assured users that 3Commas’ services are operating normally despite the ongoing investigation. He emphasized the company’s commitment to maintaining a state of heightened alert while resolving the issue.
3Commas noted that most of the accounts affected by unauthorized trades had not enabled two-factor authentication (2FA). It clarified that the accessed data did not include user API information or passwords. To enhance security, the company has implemented a new password reset procedure and now disables API connections after a user changes their password. Additionally, 3Commas strongly recommended that users activate 2FA and regularly update their passwords.
The incident follows a previous security breach in October 2022, when 3Commas disclosed the leakage of user API keys, resulting in unauthorized trades. Initially, the company denied a breach had occurred, attributing the issue to phishing attacks. Later, Sorokin acknowledged the API leak and the subsequent gaslighting of affected users.
Sorokin expressed regret for the recent incident and pledged to enhance the company’s security measures to prevent or minimize the risk of similar occurrences in the future. As of now, 3Commas has not responded to requests for comment from Cointelegraph.