3Commas on ‘heightened alert’ after several user accounts hacked

October 10, 2023 Coin Telegraph

2FA

The firm has implemented additional security measures following an investigation that found “only a few” 3Commas user accounts were compromised.

Crypto trading bot provider 3Commas is on “heightened alert” after some of its user’s accounts were compromised and used to place trades.

An Oct. 8 blog post from 3Commas co-founder and CEO Yuriy Sorokin said it received reports from users concerning unauthorized trades on their accounts after resetting their passwords.

An investigation found “only a few customer accounts” were compromised and unauthorized trades made. 3Commas did not disclose the number of users affected.

Notice of Incident. We've identified a security incident that has come to our attention concerning the security of 3Commas accounts. Learn more and stay secure:
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj
— 3Commas (@3commas_io) October 8, 2023

“We will continue with our investigation into this matter,” Sorokin wrote. “Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”

The accounts with unauthorized trades mostly had not enabled two-factor authentication (2FA), according to 3Commas. It said the data accessed did not include user API data or passwords.

As additional security measures, the firm said it implemented a new approach to resetting passwords and disabled API connections after a user resets their password. It recommended that users enable two-factor authentication and regularly change their password.

In December 2022, the firm disclosed an incident from that October where user API keys had been leaked, leading to unauthorized trades on victim accounts.

Sorokin and 3Commas initially denied a breach had taken place and instead suggested its customers had been phished. It later relented and Sorokin admitted there had been an API leak from 3Commas.

3Commas users affected by the API leak called for refunds and an apology for being gaslighted.

“We regret that such an incident has taken place,” said Sorokin on the latest incident. He added that 3Commas is improving its security to prevent or limit similar future incidents.

3Commas did not immediately respond to Cointelegraph’s request for comment.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

Privacy of 100,000 Crypto Traders Compromised As Trading Bot Firm Confirms Hack After Warning From Changpeng Zhao

December 30, 2022 The Daily Hodl

3Commas API leak victims demand refunds and apology for ‘gaslighting’

December 29, 2022 Coin Telegraph

3commas

3Commas finally admitted there was an API leak, after months of refuting community reports that it had occurred. Users were not happy about being "gaslighted."

Victims of the 3Commas API leak are calling for refunds and an apology from the crypto trading platform for being gaslighted over the whole ordeal.

The past couple of months have seen an ongoing back and forth between 3Commas and supposed victims of unauthorized trades coming from their accounts.

3Commas and its CEO Yuriy Sorokin had strongly denied any hack or breach had taken place and had refuted there could have been an inside job from an employee gone rogue. Instead, it suggested any leaked APIs were the result of customers being phished.

you gonna delete these? pic.twitter.com/BwbJkJy8oC
— Daniel Roberts (@readDanwrite) December 28, 2022

On Dec. 28 however, Sorokin finally admitted there had been a sizeable API leak from the firm, confirming a database of API keys shared by a hacker was legitimate:

“We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”

“We did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found,” Sorokin added.

The community has been left bewildered by this surprise admission, considering that 3Commas had on Dec. 11 labeled customer reports of a leak as “false rumors shared by bad faith actors using falsified evidence.”

“Just a reminder: For the last 2 months, you have blamed the victims of the hack. You have defamed the victims as ‘bad faith actors’ and alleged they ‘falsified evidence’, when it turns out 3Commas was the ones who were the bad faith actors, lying and falsifying evidence,” wrote Twitter user Pledditor.

Popular crypto trader CoinMamba tweeted that “you kept lying and saying this was our fault instead of taking responsibility and prevented [sic] further exploits. Are you going to refund the users now?”

“Congrats you morons are what’s wrong with the space,” blockchain sleuth ZachXBT chimed in, after he had been posting about the API leak for weeks.

4/ 3Commas finally acknowledged the leak but the damage had already been done. For weeks they have been blaming its users and accepting zero responsibility.

Make sure to never give incompetent clowns like @3commas_io your business ever again. https://t.co/LyNvar7LST pic.twitter.com/RkS6ZgCZEN
— ZachXBT (@zachxbt) December 28, 2022

Comments were just as aggressive in response to the 3Commas tweet confirming the leak, with turgut_oztunc writing: “You are really funny guys. We will see [you in] the court if you don't recover our funds asap.“

This whole company should be held accountable and shut down immediately
— çгчpтåvэłî (@cryptaveli) December 28, 2022

FTX to give a ‘one-time’ $6M compensation to phishing victims

October 24, 2022 Coin Telegraph

<div>FTX to give a 'one-time' M compensation to phishing victims</div>

3commas

FTX founder Sam Bankman-Fried said the exchange won’t be “making a habit of compensating” users that are “phished by fake versions of other companies.”

Cryptocurrency exchange FTX will provide around $6 million in compensation to victims of a phishing scam that allowed hackers to conduct unauthorized trades on certain FTX users’ accounts.

FTX founder and CEO Sam Bankman-Fried posted in a Twitter thread on Oct. 23 that the exchange generally doesn’t award compensation to its users “phished by fake versions of other companies in the space” but in this case, it would compensate users.

Bankman-Fried said that this was a “one-time thing” and FTX would “not do this going forward.”

“THIS IS NOT A PRECEDENT,” he wrote, clarifying it was only the accounts of FTX users that would be reimbursed.

14) But this once, we'll do it; roughly $6m total.

(To be clear, only for FTX accounts! Hopefully other exchanges will comp theirs.)

BUT AGAIN NOT A PRECEDENT, WE WILL NOT GOING FORWARD.
— SBF (@SBF_FTX) October 23, 2022

The recent phishing attack saw attackers gaining user account application programming interface (API) keys which allowed them to conduct unauthorized trades with their crypto exchange accounts.

The attack came to light on Oct. 21 after 3Commas said it was alerted that some of its users had unauthorized trading activity.

After an initial investigation, FTX and 3Commas then suspended the suspicious accounts to avoid further losses and disabled all compromised API keys.

On Oct.19 Bankman-Fried published a blog post detailing his thoughts on crypto regulation that included a proposal he dubbed the “5-5 standard” where hackers keep either $5 million or 5% of the amount they’ve stolen, whatever is smaller.

In his most recent tweet thread, he thought it time to try his newly thought-up standard, imploring the hacker to send back 95%, around $5.7 million, of the stolen funds within 24 hours, saying “we’ll absolve them.”

October has been dubbed “hacktober” by the crypto community as Chainalysis revealed on Oct. 13 that October 2022 has been the “biggest month” ever for hacking activity, despite the report coming out not even halfway through the month.

At the time of the report around $3 billion had been exploited through over 125 separate incidents since the start of the month.

3commas

Share this video