3Commas, the provider of automated crypto trading services, has warned its community members to be alert to their account-related notifications as cyber threats loom large over the platform. Last weekend, the platform’s team decided to make some changes to its existing security system after some users complained that unauthorized transactions had been placed from their accounts. This hinted to the platform that it could be attacked by crypto hackers. The passwords of these accounts have also reportedly been reset, indicating a possible hacking attack.
3Commas, a cloud-based crypto trading platform, allows its users to use its trading bots to stay on top of the game. The bot efficiently makes trading-related decisions based on real-time market statistics. Founded in 2017, the platform has great customer feedback from its community of over 100,000 entities.
After internal investigation, 3Commas discovered that this hack affected only a few user accounts and that its otherwise large-scale operations remain secure and functional.
The platform has strongly advised all its users to enable two-factor authentication (2FA) in the backdrop of this incident.
“The security incident mainly occurred among customers who had not enabled 2FA. Please note that the data accessed does not include your secret API data and account passwords. In response to the few customer reports, we took immediate measures to address the situation,” the Estonian-based company said.
3Commas explained in its official post the security changes it has made to its system.
“We’ve changed the approach to password resets and implemented additional functionality so that now, after password resets, all API connections are disabled to provide an extra layer of security. In the meantime, our services are running normally and we will continue to operate in a state of heightened alert,” the post said.
So far, details about the finances that may have been stolen or moved as part of this attack remain secret.
However, this is not the first time that 3Commas user accounts have been breached by infamous cyber hacking.
In October 2022, 3Commas’ API keys were leaked, leading to unauthorized transactions leaking into victims’ accounts.
Hackers continue to target the crypto sector because not only are crypto transactions largely untraceable, but the lack of regulations to govern the sector also gives them loopholes to stay ahead of law enforcement agencies.
In the last leg of September, Web3 company Mixin Network was hacked, leading to losses worth $200 million (approximately Rs. 1,662 crore) from its account.
In fact, money stolen in crypto frauds, hacks and carpet pulling crossed the $656 million (roughly Rs. 5,454 crore) mark in the first half of 2023, according to a report by Web 3.0 security firm Beosin in July.