Cryptocurrency trading bot provider 3Commas is on “high alert” after some of its users’ accounts were hacked and used to make trades.
October 8 blog mail Yuri Sorokin, co-founder and CEO of 3Commas, said he had received reports from users about unauthorized trades on their accounts after resetting their passwords.
The investigation found that “only a small number of customer accounts” were compromised and unauthorized trades were made. 3Commas did not disclose the number of affected users.
Accident notification. We have identified a security incident that has come to our attention regarding the security of 3Commas accounts. Learn more and stay safe:
Read our blog post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj
– 3commas (@3commas_io) October 8, 2023
“We will continue our investigation into this matter,” Sorokin wrote. “However, please note that in the meantime, our services are operating normally, and we will continue to operate in a state of high alert.”
Accounts with unauthorized transactions often did not enable two-factor authentication (2FA), according to 3Commas. It said the data accessed did not include user API data or passwords.
As an additional security measure, the company said it has implemented a new approach to resetting passwords and disabling API connections after a user resets their password. It is recommended that users enable two-factor authentication and change their password regularly.
Related: OpenSea is “unaware” of any involvement of a former executive in a $60 million rug sweep
In December 2022, the company disclosed an incident in October where user API keys were leaked, leading to unauthorized trades on victims’ accounts.
Sorokin and 3Commas initially denied any hacking had occurred, suggesting instead that their customers had been subjected to phishing. She later relented and Sorokin admitted there was an API leak from 3Commas.
3Commas users affected by the API leak have called for refunds and apologies for being gaslighted.
“We regret that such an incident occurred,” Sorokin said of the latest incident. He added that 3Commas is working to improve its safety to prevent or limit similar incidents in the future.
3Commas did not immediately respond to Cointelegraph’s request for comment.
magazine: How to protect your cryptocurrencies in a volatile market – Bitcoin OGs and experts discuss it