Wells Fargo Customers’ Data Exposed, Used for Fraud in ‘Preventable Hack’, Alleges New Class Action Lawsuit

October 20, 2024 The Daily Hodl

Hacked Japanese Crypto Exchange to Raise 50 Billion Yen to Repay Customers

June 5, 2024 Bitcoin.com

3Commas on ‘heightened alert’ after several user accounts hacked

October 10, 2023 Coin Telegraph

2FA

The firm has implemented additional security measures following an investigation that found “only a few” 3Commas user accounts were compromised.

Crypto trading bot provider 3Commas is on “heightened alert” after some of its user’s accounts were compromised and used to place trades.

An Oct. 8 blog post from 3Commas co-founder and CEO Yuriy Sorokin said it received reports from users concerning unauthorized trades on their accounts after resetting their passwords.

An investigation found “only a few customer accounts” were compromised and unauthorized trades made. 3Commas did not disclose the number of users affected.

Notice of Incident. We've identified a security incident that has come to our attention concerning the security of 3Commas accounts. Learn more and stay secure:
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj
— 3Commas (@3commas_io) October 8, 2023

“We will continue with our investigation into this matter,” Sorokin wrote. “Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”

The accounts with unauthorized trades mostly had not enabled two-factor authentication (2FA), according to 3Commas. It said the data accessed did not include user API data or passwords.

As additional security measures, the firm said it implemented a new approach to resetting passwords and disabled API connections after a user resets their password. It recommended that users enable two-factor authentication and regularly change their password.

In December 2022, the firm disclosed an incident from that October where user API keys had been leaked, leading to unauthorized trades on victim accounts.

Sorokin and 3Commas initially denied a breach had taken place and instead suggested its customers had been phished. It later relented and Sorokin admitted there had been an API leak from 3Commas.

3Commas users affected by the API leak called for refunds and an apology for being gaslighted.

“We regret that such an incident has taken place,” said Sorokin on the latest incident. He added that 3Commas is improving its security to prevent or limit similar future incidents.

3Commas did not immediately respond to Cointelegraph’s request for comment.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

Hacker Steals $6.9 Million From Arbitrum-Based Defi Protocol Lodestar Finance

December 11, 2022 Bitcoin.com

Mango Markets exploiter said actions were ‘legal,’ but was it?

October 18, 2022 Coin Telegraph

Avraham Eisenberg

A crypto lawyer believes the Mango Markets exploiter Avraham Eisenberg could still face consequences despite users supposedly agreeing not to pursue legal action.

The $117 million Mango Markets exploiter has defended that their actions were ‘legal,’ but a lawyer suggests that they could still face consequences.

Self-described digital art dealer Avraham Eisenberg, outed himself as the exploiter in a series of tweets on Oct. 15 claiming he and a team undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.”

I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.
— Avraham Eisenberg (@avi_eisen) October 15, 2022

The Oct. 11 exploit worked through Eisenberg and his team manipulating the value of their posted collateral — the platforms’ native token MNGO — to higher prices, then taking out significant loans against their inflated collateral which drained Mango’s treasury.

Michael Bacina, partner at Australian law firm PiperAlderman told Cointelegraph “if this had occurred in a regulated financial market it would be likely seen as market manipulation.”

“Price manipulation is a cousin of misrepresentation, and in many jurisdictions engaging in misleading and deceptive conduct is unlawful and grounds for legal claims.”

Eisenberg has committed to “making all users whole” and negotiations between him and the Mango Decentralized Autonomous Organization (DAO) have resulted in the DAO voting that Eisenberg be allowed to keep $47 million as a “bug bounty," while the rest will be sent back to the treasury.

A stipulation as part of the proposal states MNGO token holders “will not pursue any criminal investigations or freezing of funds” as Eisenburg has sent back the agreed portion of the exploited cryptocurrency.

However, Bacina said it’s “unlikely” that Eisenburg would be released from all liability, even from those that voted for the proposal, given the wording of the proposal are “weak," commenting:

“The wording of the proposal is weak and the circumstances are such that the offer of a release are questionable.”

That being said, Bacina said there might be a “limited commercial incentive” to sue Eisenburg as any legal claims would be reduced by the amount a member received due to the proposal.

“Assuming claims survive the proposal, any claims would still need to be reduced by any amounts which had been received by a member as a result of the proposal, which may mean many members have limited commercial incentive to sue Mr Eisenberg,” he explained.

Part of the $67 million worth of crypto returned to the platform will now be used to reimburse affected users under the reimbursement plan approved by the DAO.

Eisenberg maintains the exploited crypto he returned is similar to automatic deleveraging on cryptocurrency exchanges where a portion of profits from profitable traders is recovered to cover losses by the exchange.

Cointelegraph contacted Eisenberg for comment but did not immediately receive a response.

hacked