3Commas, a popular cryptocurrency trading robot, provides smart trading solutions to investors around the world.
Unfortunately, the tool’s popularity also makes it a huge target for bad actors, who are sometimes successful in their attempts to obtain user data — or even a bot’s API data.
Fortunately, the latest attack was very limited in scope.
Unauthorized transactions have been reported
Towards the end of the weekend, 3Commas began receiving reports from users who saw unauthorized trades occurring on their accounts.
Incident notification. We have identified a security incident that has come to our attention regarding the security of 3Commas accounts. Learn more and stay safe:
Read our blog post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj
– 3commas (@3commas_io) October 8, 2023
Although the primary goal of a trading bot is to automate, or semi-automate, trades, those operations still require the user's input and configuration, which quickly ruled out a malfunction of the bot itself.
After an initial investigation, followed by an internal one, the developers noted that the transactions occurred shortly after the affected users' passwords had been reset, pointing to a breach whose origin was not yet known.
Lack of 2FA was the likely cause
However, neither the users' API data nor their passwords were compromised. Most of the affected accounts also lacked two-factor authentication, which helps the developers narrow down the attackers' entry point.
“Our current understanding is that a security incident occurred, which supposedly resulted in unauthorized access to client account data. Fortunately, only a few client accounts had their passwords reset and alleged unauthorized trades made. This has primarily affected customers who did not have two-factor authentication (2FA) enabled. Please note that the data accessed did not include your confidential API data and account passwords.”
Until the investigation is complete, 3Commas has advised users to change their passwords and to enable two-factor authentication if they have not already done so.
Because the unauthorized trades occurred shortly after password resets, the developers have implemented a temporary measure that disconnects the account's exchange API connections whenever a password is reset.
To start trading again, the user has to reconnect the exchanges manually, so a password reset alone no longer gives whoever triggered it access to the linked exchange accounts.
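The following is an added illustration of that mitigation, not 3Commas code: a small model of a trading platform in which a password reset either keeps the linked exchange API keys (the pre-fix behaviour) or revokes them and invalidates sessions (the temporary measure), plus an optional second factor on login. All class and function names are hypothetical, and the second factor is modelled as a static secret standing in for a real TOTP check.

```python
"""Model of "revoke linked exchange API keys on password reset".

Added example, not code from 3Commas. Names are hypothetical; the second
factor is a static secret standing in for a real TOTP verification.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    second_factor: Optional[str] = None            # None: 2FA not enabled
    exchange_keys: dict = field(default_factory=dict)  # exchange -> API key
    sessions: set = field(default_factory=set)     # live session tokens


class TradingPlatform:
    def __init__(self, revoke_keys_on_reset: bool):
        # False models the pre-incident behaviour, True the temporary measure.
        self.revoke_keys_on_reset = revoke_keys_on_reset
        self.accounts = {}        # user -> Account
        self.session_owner = {}   # session token -> user

    def register(self, user, password, second_factor=None):
        salt = secrets.token_bytes(16)
        self.accounts[user] = Account(salt, hash_password(password, salt), second_factor)

    def login(self, user, password, second_factor=None):
        acct = self.accounts[user]
        if not secrets.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            return None
        if acct.second_factor is not None and second_factor != acct.second_factor:
            return None  # correct password but no valid second factor
        token = secrets.token_urlsafe(16)
        acct.sessions.add(token)
        self.session_owner[token] = user
        return token

    def _account_for(self, token):
        user = self.session_owner.get(token)
        if user is None or token not in self.accounts[user].sessions:
            return None
        return self.accounts[user]

    def link_exchange(self, token, exchange, api_key):
        acct = self._account_for(token)
        if acct is None:
            return False
        acct.exchange_keys[exchange] = api_key
        return True

    def reset_password(self, user, new_password):
        acct = self.accounts[user]
        acct.salt = secrets.token_bytes(16)
        acct.pw_hash = hash_password(new_password, acct.salt)
        for tok in acct.sessions:          # drop every existing session
            self.session_owner.pop(tok, None)
        acct.sessions.clear()
        if self.revoke_keys_on_reset:      # the temporary measure
            acct.exchange_keys.clear()     # user must re-link manually

    def place_trade(self, token, exchange):
        acct = self._account_for(token)
        return acct is not None and exchange in acct.exchange_keys


def reset_takeover_succeeds(revoke_keys_on_reset, victim_has_2fa=False):
    """Constructed scenario: can someone who forced a password reset trade?"""
    platform = TradingPlatform(revoke_keys_on_reset)
    factor = "123456" if victim_has_2fa else None
    platform.register("victim", "correct horse battery", factor)
    victim = platform.login("victim", "correct horse battery", factor)
    platform.link_exchange(victim, "exchange-a", "key-issued-by-exchange")
    # Attacker reaches the reset flow by whatever path the breach gave them.
    platform.reset_password("victim", "attacker-chosen")
    # Attacker logs in with the password they just set, without a 2FA code.
    attacker = platform.login("victim", "attacker-chosen")
    return platform.place_trade(attacker, "exchange-a")


if __name__ == "__main__":
    print("pre-fix, no 2FA :", reset_takeover_succeeds(False))
    print("with revocation :", reset_takeover_succeeds(True))
    print("pre-fix, 2FA on :", reset_takeover_succeeds(False, victim_has_2fa=True))
```

Without revocation the attacker trades through the victim's still-linked exchange key as soon as the reset completes; with revocation the reset leaves no exchange bound to the account, so trading needs the exchange API key again, which the reset did not give the attacker. Enabling the second factor blocks the takeover earlier, at login.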
Unfortunately, this event has dealt another blow to the reputation of 3Commas, whose user base has seen more than three security breaches in less than a year and is understandably upset.