3Commas Suffers Security Incident

3Commas, a popular crypto trading bot, provides smart trading solutions for investors worldwide.

Unfortunately, the popularity of the tool also makes it a big glowing target for bad actors, who are sometimes successful in their attempts at getting ahold of user data – or even the bot’s API data.

Fortunately, the most recent attack was far more limited in scope.

Unauthorized Trades Reported

Towards the end of the weekend, 3Commas began receiving reports from users who saw that unauthorized trades were being made on their accounts.

Notice of Incident. We’ve identified a security incident that has come to our attention concerning the security of 3Commas accounts. 📚Learn more and stay secure:
Read our Blog Post: https://t.co/sJmfzOJE49 pic.twitter.com/MRJ40D29pj

— 3Commas (@3commas_io) October 8, 2023

Although the whole point of the trading bot is to allow automated – or nearly automated – trades, these operations still generally require inputs and guidelines from the user, which quickly ruled out an issue with the bot’s software.

After a preliminary investigation – which is being followed up by an internal one – the devs noticed that these trades took place shortly after the affected users had reset their passwords, pointing to a data breach whose author is as of yet unknown.

Lack of 2FA Was The Likely Culprit

The users’ API data and passwords themselves, however, had not been compromised. Most of the accounts affected also lacked Two-Factor Authentication, which could help the devs locate the attackers’ point of entry better.

“Our current understanding is that a security incident took place, which presumably resulted in unauthorized access to customer account data. Fortunately, in only a few customer accounts were passwords reset and alleged unauthorized trades conducted. The latter mainly affected customers who had not enabled two-factor authentication (2FA). Please note that the data accessed did not include your API secret data and account passwords.”

Until the investigation is concluded, 3Commas devs have advised users to change their passwords and enable 2FA if they have not done so already.

Since unauthorized trades had previously taken place shortly after a password reset, the devs implemented a stopgap measure that disconnects the user from the API after a password reset.

In order to start trading again, a user has to reconnect manually, preventing a bad actor from hijacking their account.

Unfortunately, the event has caused yet another loss of reputation for 3Commas, whose userbase pointed out that over three security breaches had taken place in less than a year and who are, understandably, quite upset.