1. Home
  2. Passwords

Passwords

3Commas on ‘heightened alert’ after several user accounts hacked

The firm has implemented additional security measures following an investigation that found “only a few” 3Commas user accounts were compromised.

Crypto trading bot provider 3Commas is on “heightened alert” after some of its user’s accounts were compromised and used to place trades.

An Oct. 8 blog post from 3Commas co-founder and CEO Yuriy Sorokin said it received reports from users concerning unauthorized trades on their accounts after resetting their passwords.

An investigation found “only a few customer accounts” were compromised and unauthorized trades made. 3Commas did not disclose the number of users affected.

“We will continue with our investigation into this matter,” Sorokin wrote. “Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”

The accounts with unauthorized trades mostly had not enabled two-factor authentication (2FA), according to 3Commas. It said the data accessed did not include user API data or passwords.

As additional security measures, the firm said it implemented a new approach to resetting passwords and disabled API connections after a user resets their password. It recommended that users enable two-factor authentication and regularly change their password.

Related: OpenSea ‘unaware’ of any involvement of former exec in $60M rug pull

In December 2022, the firm disclosed an incident from that October where user API keys had been leaked, leading to unauthorized trades on victim accounts.

Sorokin and 3Commas initially denied a breach had taken place and instead suggested its customers had been phished. It later relented and Sorokin admitted there had been an API leak from 3Commas.

3Commas users affected by the API leak called for refunds and an apology for being gaslighted.

“We regret that such an incident has taken place,” said Sorokin on the latest incident. He added that 3Commas is improving its security to prevent or limit similar future incidents.

3Commas did not immediately respond to Cointelegraph’s request for comment.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

MEXC Research: Top 10 Futures Tokens of 2024

Lastpass Data Breach Frightens Users, Some Say Hack ‘May Be Worse Than They Are Letting on’

Lastpass Data Breach Frightens Users, Some Say Hack ‘May Be Worse Than They Are Letting on’People involved in financial tech, software programming, cyber security, and cryptocurrencies have been talking about the Lastpass data breach that was disclosed two days ago. The password management company detailed that a breach, committed earlier this year, allowed hackers to obtain a “backup of customer vault data.” Lastpass Reveals ‘Threat Actor Was Also Able to […]

MEXC Research: Top 10 Futures Tokens of 2024

MetaMask warns of security vulnerability from older versions of popular crypto wallet

"Ultimately, we've learned that our password encryption feature's security was partially undermined by browser behavior," said the team at MetaMask.

On Wednesday, MetaMask said that it uncovered a critical security vulnerability in older versions of its crypto wallet with the help of security researchers at Halborn. The security firm was awarded a bounty of $50,000 for the discovery. 

For users of the MetaMask extension before version 10.11.3, three necessary conditions would have led to the potential vulnerability. They are: 1) an unencrypted hard drive, 2) having imported a secret recovery phrase into a MetaMask extension on a device that was compromised, stolen, or has unauthorized access, and 3) having used the "Show Secret Recovery Phrase" checkbox to view one's secret recovery phrase on-screen during the import process.

"We've only found that the Secret Recovery Phrase could be extracted under very specific circumstances, and we've been able to introduce new protections over the period that Halborn has waited to disclose."

Apparently, the exploit affects all browser versions of MetaMask wallet versions prior to the 10.11.3 update, and all operating systems if all three circumstances were met, but not mobile versions.

MetaMask is warning affected users to migrate their funds from their compromised wallets. However, keep in mind that all three conditions need to have been met for the vulnerability to be active on older versions of MetaMask.

MEXC Research: Top 10 Futures Tokens of 2024

Survey Shows 40% of US Crypto Owners Forget Their Password, 20% Write Passwords on Paper

Survey Shows 40% of US Crypto Owners Forget Their Password, 20% Write Passwords on PaperAccording to a recent study on crypto asset storage and passwords, a survey that polled over 1,000 digital currency owners shows 39.7% have forgotten their passwords. The study produced by cryptovantage.com indicates that users unable to recover their passwords lost an average of $2,134. Survey Polls 1,000 US Crypto Owners, Respondents Invest $7,245 on Average […]

MEXC Research: Top 10 Futures Tokens of 2024

Chinese Police Return Bitcoin to Victim in 3 Million Yuan Theft Case

Chinese Police Return Bitcoin to Victim in 3 Million Yuan Theft CasePolice in China’s Jiangxi province have reportedly recovered bitcoins stolen from a victim and returned them to the owner. The case involves the theft of 8.236 bitcoins, worth approximately 3 million yuan. Police Return Bitcoin to Theft Victim Police in China’s Jiangxi province have reportedly solved a case involving the theft of bitcoins worth almost […]

MEXC Research: Top 10 Futures Tokens of 2024