3Commas on Alert Over User Account’s Security Breach

In recent developments, 3Commas, a renowned provider of automated trading bots for the cryptocurrency market, experienced a security breach resulting in the compromise of several users’ accounts that were utilized to execute trades without the owners’ knowledge or consent.

According to a blog post from 3Commas CEO and founder Yuriy Sorokin, the crypto trading bot provider is on heightened alert following the unauthorized access and manipulation of user accounts. As a consequence, 3Commas has implemented increased security measures and remains vigilant in order to prevent further unauthorized access.

3Commas Users to Enable 2FA

As per a thorough investigation, only a few users’ accounts were compromised and this happened because the customers failed to enable two-factor authentication (2FA). Although the company did not disclose the exact number of users affected, it mentioned that the data accessed by the malicious actors did not include the customer’s API secret data and account password.

Meanwhile, the bot provider is doing everything within its power to address the situation. However, 3Commas’s services will continue to run normally as users are advised to enable the 2FA and constantly change their password to continuously secure their accounts. Furthermore, the firm said it has enforced a unique approach to resetting passwords and has disabled API connections after a user reset its password.

3Commas API Key Exploitation

Recall that in December 2022, Changpeng Zhao, the CEO of the world’s largest cryptocurrency exchange Binance took to X (formerly known as Twitter) to alert his eight million followers that there was an API key leak on 3Commas.

Also, the hacker carried out unauthorized trades using API keys tied to the cryptocurrency trade management platform. For a particular user, his account using 3Commas API keys traded DMG tokens over 5000 times leading to the loss of $1.6 million in digital assets.

Growing Trend of Security Attacks

With the rising popularity of digital assets and the subsequent increase in their value, malicious actors are constantly seeking opportunities to exploit vulnerabilities.

About a few weeks ago, OpenSea, the Non-Fungible Token (NFT) marketplace sent a notification to users stating that one of its third-party vendors experienced a security incident that may have exposed information related to users’ API keys. As such, users were advised to deprecate the usage of existing keys and replace them with newly generated keys.

Also, Hong Kong-headquartered cryptocurrency exchange CoinEX experienced a breach and over $27 million in digital assets were siphoned from the platform’s wallets.

The post 3Commas on Alert Over User Account’s Security Breach appeared first on Latest News and Insights on Blockchain, Cryptocurrency, and Investing.