3Commas Tweaks Internal Security After Accounts of Some Users Were Compromised, Passwords Reset

3Commas, the provider of automated crypto trading services, has warned its community members to be alert about their account-related notifications as cyber threats loom large over the platform. Over the weekend, the platform’s team decided to deploy some changes to its existing security system after some users complained of seeing unauthorised trades placed from their accounts. This hinted the platform that it could be under attack from crypto hackers. Passwords of these accounts were also reportedly reset, hinting at the potential hack attack.

A Cloud-based crypto trading platform, 3Commas allows its users to use its trading bots to stay on top of the game. The bot efficiently making trade-related decision based on real-time market stats. The platform founded in 2017, boasts of stellar customer feedback from its community that has over 100,000 entities as part of its.

Upon internal investigation, 3Commas found that this hack only affected a few user-accounts, and its operations on the otherwise large scale, remain safe and functional.

The platform has strongly advised all its users to enable two-factor authentication (2FA) in the backdrop of this incident.

“The security incident took place mainly affected customers who had not enabled 2FA. Please note that the data accessed did not include your API secret data and account passwords. In response to the few customer reports, we took immediate measures to address the situation,” the Estonia-based company said.

3Commas, in its official post, explained the security changes it has made to its system.

“We shifted the approach to password resets and deployed an additional functionality so that now, after passwords are reset, all API connections are disabled to provide an extra layer of security. In the meantime, our services are running normally, and we will continue to operate in a state of heightened alert,” the post said.

As of now, details about the finances that may have been stolen or relocated as part of this attack remain undisclosed.

This is not the first time however, that user accounts from 3Commas have been breached by notorious cyber hacking.

In October 2022, the API keys of 3Commas were leaked, that had resulted in the leaks of unauthorised trades on the accounts of the victims.

Hackers keep targeting the crypto sector because not only are crypto transactions largely untraceable, the lack of regulations to govern the sector also gives them loopholes to get ahead of law enforcement agencies.

In the last leg of September, Web3 firm Mixin Network was hacked, leading to losses worth $200 million (roughly Rs. 1,662 crore) from its account.

In fact, the funds stolen in crypto scams, hacks, and rug pulls breached the mark of $656 million (roughly Rs. 5,454 crore) during the first half of 2023, a report by Web 3.0 security firm Beosin said in July.