In light of this incident, 3Commas is operating under heightened vigilance to ensure the safety of its users’ accounts. An official blog post, dated October 8, authored by Yuriy Sorokin, co-founder, and CEO of 3Commas, acknowledges the reports of unauthorized trading activity on some users’ accounts following password resets.
The investigation has revealed that only a small subset of customer accounts was compromised, resulting in these unauthorized trades. 3Commas, however, has chosen not to disclose the exact number of affected users at this time.
Yuriy Sorokin assured the community of 3Commas users that the investigation is ongoing, with a commitment to ensuring the continued smooth operation of their services. He emphasized that despite the ongoing investigation, all systems remain fully functional and are being closely monitored during this period of heightened alertness.
Notably, it was observed that the majority of accounts subject to unauthorized trades lacked two-factor authentication (2FA) security. 3Commas advises all users to enable 2FA and also regularly update their passwords for enhanced security.
This incident isn’t the first of its kind for 3Commas. In December 2022, the firm disclosed an incident in which user API keys were inadvertently leaked, leading to unauthorized trading activity on certain accounts. Initially, 3Commas denied a breach, suggesting phishing as the culprit. However, a subsequent admission by Sorokin confirmed an API leak.
Unhappy 3Commas users affected by the API leak voiced their concerns, demanding refunds and an apology for what they perceived as misinformation. Sorokin expressed regret over the incident and affirmed that 3Commas is actively improving its security measures to prevent or mitigate similar occurrences in the future.
