3Commas, the crypto trading bot provider, has been put on heightened alert after a few users’ accounts were compromised and used in order to place multiple trades. A blog post made on the 8th of October from Yuriy Sorokin, the co-founder, and CEO of the company, stated that they had received multiple reports from users concerned about unauthorized trades on their accounts after their passwords were reset.
An investigation that was launched also found a few customer accounts that were compromised and unauthorized trades that were made. Sorokin also wrote that they would be continuing with the investigation into this matter, and users were supposed to note that in the meantime, the services were running normally, and they would be operating in a state of heightened alert.
3Commas Had Suffered API Leaks Which They Hid From Clients
The accounts with unauthorized trades had not really enabled two-factor authentication, according to 3Commas. It mentioned that the data that was accessed did not really include user API data or any password. The firm also said that it had implemented a new approach to resetting passwords or disabled API connections after a user ended up resetting their password. It is also recommended users end up enabling two-factor authentication and then change the password.
In December 2022, 3Commas went on to disclose an incident from October wherein user API keys had been leaked, which led to unauthorized trades in multiple victim accounts. The company, as well as Sorokin, had initially denied a breach had taken place and had further suggested that their customers had ended up being phished. They had relented later, and Sorokin had admitted that there had indeed been a leak from the company itself. The users of the company had been affected by the API leak wherein they called for refunds as well as an apology for being gaslighted.
