Crypto trading bot provider 3Commas is on “heightened alert” after some of its user’s accounts were compromised and used to place trades.
An Oct. 8 blog post from 3Commas co-founder and CEO Yuriy Sorokin said it received reports from users concerning unauthorized trades on their accounts after resetting their passwords.
An investigation found “only a few customer accounts” were compromised and unauthorized trades made. 3Commas did not disclose the number of users affected.
Notice of Incident. We’ve identified a security incident that has come to our attention concerning the security of 3Commas accounts. Learn more and stay secure:
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj— 3Commas (@3commas_io) October 8, 2023
“We will continue with our investigation into this matter,” Sorokin wrote. “Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”
The accounts with unauthorized trades mostly had not enabled two-factor authentication (2FA), according to 3Commas. It said the data accessed did not include user API data or passwords.
As additional security measures, the firm said it implemented a new approach to resetting passwords and disabled API connections after a user resets their password. It recommended that users enable two-factor authentication and regularly change their password.
In December 2022, the firm disclosed an incident from that October where user API keys had been leaked, leading to unauthorized trades on victim accounts.
Sorokin and 3Commas initially denied a breach had taken place and instead suggested its customers had been phished. It later relented and Sorokin admitted there had been an API leak from 3Commas.
3Commas users affected by the API leak called for refunds and an apology for being gaslighted.
“We regret that such an incident has taken place,” said Sorokin on the latest incident. He added that 3Commas is improving its security to prevent or limit similar future incidents.
3Commas did not immediately respond to Cointelegraph’s request for comment.