3Commas, a provider of cryptocurrency trading bots, has heightened its security measures in response to recent compromises of some user accounts leading to unauthorised trades.
In an updated 9 October blog post, 3Commas' co-founder and CEO, Yuriy Sorokin, acknowledged reports from users regarding unauthorised trading activities after resetting their passwords.
Upon investigation, it was determined that only a small number of customer accounts had been compromised, although the exact number was not disclosed.
Notably, most of the affected accounts lacked two-factor authentication (2FA).
Importantly, 3Commas clarified that the accessed data did not include user API data or passwords.
To bolster security, the company has introduced a new password reset procedure and now temporarily disables API connections following password resets.
Additionally, 3Commas strongly recommended users enable 2FA and regularly update their passwords.
Yuriy wrote:
“We will continue with our investigation into this matter. Please note, however, that in the meantime, our services are running normally, and we will continue to operate in a state of heightened alert.”
Not The First Security Breach For 3Commas
This incident follows a previous security issue in December 2022, when 3Commas disclosed an API key leak that resulted in unauthorised trades.
Initially, the company denied a breach and suggested users had fallen victim to phishing attacks.
However, it later confirmed that the API leak came from its end, which led to calls for refunds and an apology from affected users.
Yuriy acknowledged the regrettable nature of the recent incident and expressed a commitment to enhancing security measures to prevent or mitigate similar occurrences in the future.
It is not surprising that many in the crypto community are disgruntled and have lost faith in the company. Crypto sleuth ZachXBT weighed in as well.