3Commas Raises Security Alert Amid User Account Breach

The Breach: What We Know

3Commas, a popular crypto trading bot provider, recently found itself in the spotlight for all the wrong reasons after several user accounts were compromised. Co-founder and CEO Yuriy Sorokin disclosed in a blog post that on October 3, they received alarming reports of unauthorized trades occurring following user password resets. It seems that in this digital age, even the most savvy traders can be caught off-guard!

The Numbers Game

According to Sorokin, the breach was not widespread, affecting less than ten users. While that may sound minor, for those individuals, it was a big deal. Sorokin reassured users that their services continued to run normally, but the company is now operating with heightened vigilance—sort of like a cat eyeing a laser pointer, always on alert.

Two-Factor Authentication: The Unsung Hero

In the aftermath of the incident, 3Commas noted a common thread among the compromised accounts: a lack of two-factor authentication (2FA). It’s a classic case of ‘the shoes we don’t wear’— sure, it may seem annoying to set up, but it sure beats crying over lost funds! The company emphasized the importance of enabling 2FA and regularly cycling passwords to fend off future attacks.

Lessons from the Past

As if this was déjà vu, this isn’t the first time 3Commas has faced scrutiny over security issues. A prior incident in December 2022 involved leaked API keys that led to unauthorized trade claims, leaving many users feeling gaslit and seeking restitution. Sorokin’s response this time shows growth; he admits to the security incident rather than immediately blaming phishing.

Moving Forward: What’s Next?

Conclusively, while 3Commas is under investigation for this event and has implemented new security measures, users must also do their part. As Sorokin noted, they’re actively working with authorities and rolling out heightened security protocols, including a revamped password reset process and automatic API disconnection once a password is changed. Remember folks, in crypto, it pays to be secure!