3Commas on ‘heightened alert’ after several user accounts hacked

cointelegraph.com:

Crypto trading bot provider 3Commas is on “heightened alert” after some of its user’s accounts were compromised and used to place trades.

An Oct. 8 blog post from 3Commas co-founder and CEO Yuriy Sorokin said it received reports from users concerning unauthorized trades on their accounts after resetting their passwords.

An investigation found “only a few customer accounts” were compromised and unauthorized trades made. 3Commas did not disclose the number of users affected.

Notice of Incident. We've identified a security incident that has come to our attention concerning the security of 3Commas accounts. Learn more and stay secure:
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj

“We will continue with our investigation into this matter,” Sorokin wrote. “Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”

The accounts with unauthorized trades mostly had not enabled two-factor authentication (2FA), according to 3Commas. It said the data accessed did not include user API data or passwords.

As additional security measures, the firm said it implemented a new approach to resetting passwords and disabled API connections after a user resets their password. It recommended that users enable two-factor authentication and regularly change their password.

Related: OpenSea ‘unaware’ of any involvement of former exec in $60M rug pull

In December 2022, the firm disclosed an incident from that October where user API keys had been leaked, leading to unauthorized trades on victim accounts.

Sorokin and 3Commas initially denied a breach had taken place and instead suggested its customers had been phished. It later relented and