3Commas Suffers Security Incident


Oct, 10, 2023
by CryptoPotato

3Commas, a popular crypto trading bot, provides smart trading solutions for investors worldwide.

Unfortunately, the popularity of the tool also makes it a big glowing target for bad actors, who are sometimes successful in their attempts at getting ahold of user data – or even the bot’s API data.

Fortunately, the most recent attack was far more limited in scope.

Unauthorized Trades Reported

Towards the end of the weekend, 3Commas began receiving reports from users who saw that unauthorized trades were being made on their accounts.

Although the whole point of the trading bot is to allow automated – or nearly automated – trades, these operations still generally require inputs and guidelines from the user, which quickly ruled out an issue with the bot’s software.

After a preliminary investigation, which is being followed up by an internal one, the devs noticed that these trades took place shortly after the affected users had reset their passwords, pointing to a data breach whose perpetrator is as yet unknown.

Lack of 2FA Was The Likely Culprit

The users’ API data and passwords themselves, however, had not been compromised. Most of the accounts affected also lacked Two-Factor Authentication, which could help the devs locate the attackers’ point of entry better.

“Our current understanding is that a security incident took place, which presumably resulted in unauthorized access to customer account data. Fortunately, in only a few customer accounts were passwords reset and alleged unauthorized trades conducted. The latter mainly affected customers who had not enabled two-factor authentication (2FA). Please note that the data accessed did not include your API secret data and account passwords.”

Until the investigation is concluded, 3Commas devs have advised users to change their passwords and enable 2FA if they have not done so already.

Since unauthorized trades had previously taken place shortly after a password reset, the devs implemented a stopgap measure that disconnects the user from the API after a password reset.

In order to start trading again, a user has to reconnect manually, preventing a bad actor from hijacking their account.
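The pattern reported above (trades placed shortly after a password reset, mostly on accounts without 2FA) can be written as a simple correlation rule over account events. This is an added example, not 3Commas code: the event fields, account names, sample log and the 30-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real 3Commas logs); field names are hypothetical.
EVENTS = [
    {"ts": "2030-01-06T21:02:10", "account": "acct-a", "type": "password_reset", "two_fa": False},
    {"ts": "2030-01-06T21:05:44", "account": "acct-a", "type": "trade", "two_fa": False},
    {"ts": "2030-01-06T21:10:00", "account": "acct-b", "type": "password_reset", "two_fa": True},
    {"ts": "2030-01-06T21:12:30", "account": "acct-b", "type": "trade", "two_fa": True},
    {"ts": "2030-01-06T22:00:00", "account": "acct-c", "type": "trade", "two_fa": False},
    {"ts": "2030-01-06T09:00:00", "account": "acct-d", "type": "password_reset", "two_fa": False},
    {"ts": "2030-01-06T23:30:00", "account": "acct-d", "type": "trade", "two_fa": False},
]

WINDOW = timedelta(minutes=30)  # assumed threshold; the article only says "shortly after"


def flag_post_reset_trades(events, window=WINDOW):
    """Return alerts for trades placed within `window` of a password reset.

    Severity is "high" when the account had no 2FA at trade time (the group
    the article says was mainly affected) and "medium" otherwise.
    """
    last_reset = {}  # account -> datetime of its most recent password reset
    alerts = []
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "password_reset":
            last_reset[ev["account"]] = ts
        elif ev["type"] == "trade":
            reset_ts = last_reset.get(ev["account"])
            if reset_ts is not None and ts - reset_ts <= window:
                alerts.append({
                    "account": ev["account"],
                    "seconds_after_reset": int((ts - reset_ts).total_seconds()),
                    "severity": "medium" if ev["two_fa"] else "high",
                })
    return alerts


if __name__ == "__main__":
    for alert in flag_post_reset_trades(EVENTS):
        print(alert)
```

Trades on accounts with no recent reset (acct-c) or with a reset many hours earlier (acct-d) are not flagged, which keeps the rule focused on the reset-then-trade sequence the investigation identified.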

Unfortunately, the event has caused yet another loss of reputation for 3Commas, whose users pointed out that over three security breaches had taken place in less than a year and are, understandably, quite upset.

The post 3Commas Suffers Security Incident appeared first on CryptoPotato.
