3Commas Alerts on Security Breach Leading to Unauthorized Crypto Trades
Summary:
Crypto bot trading company 3Commas has reported a security breach causing unauthorized trades on some user accounts. Users reported this after resetting their passwords and it seems accounts without two-factor authentication were affected. The company, however, confirmed that user API data and passwords were not accessed. New measures to improve security have been implemented, including restructuring the password reset approach. CEO Yuriy Sorokin regrets the incident, revealing this is not the first time, a previous API leak occurred in 2022. The company is committed to enhancing its security to prevent future breaches.
In a notable recent cybersecurity incident, crypto bot trading firm 3Commas sounds alarm due to a security breach resulting in unauthorized trading activity on some of their clients' accounts. CEO and co-founder Yuriy Sorokin identified on Oct. 8 that the disturbing activity was reported by customers who reset their passwords. Their preliminary probe exposed that this security latch affected a marginal number of accounts. The specifics about the affected clientele was not made public.
An official tweet updates on the security glitch stressing on fortifying their customers' security. The tweet includes a link to their blog post that emphasizes on how to bolster security for their customers.
As the investigation is in progress, Sorokin assured that normal services are unaffected and the company is on the alert to prevent any such unforeseen situations. According to 3Commas, the compromised accounts were mostly those that had not activated two-factor authentication (2FA). They confirmed that the breach did not gain access to users' API data or passwords.
In an attempt to strengthen their security measures, 3Commas has restructured their password reset approach and deactivates API connections post a user resetting their password. It strongly advocates users to enable 2FA and routinely modify their passwords for added security.
Observing a comparable incident in the past, October 2022, 3Commas admitted to an API leak where user API keys were exposed, facilitating unauthorized transactions in victim's accounts. Initially, CEO, Sorokin alleged no security breach and insinuated the users fell for phishing attempts, however, he eventually succumbed and confessed to the API leak originating from 3Commas.
Customers suffered due to this API leak demanded reimbursement and an apology for misleading communication. CEO Sorokin expressed regret over the latest security incident and pledged to upskill their security to avert or minimize potential breaches in the future. No response is reported yet from 3Commas to Cointelegraph’s request for a comment. The magazine includes advice from experts on how to safeguard crypto assets during market volatility.
Published At
10/10/2023 1:06:57 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.