3Commas hit with second security breach in a year

In a recent blog post, 3Commas disclosed that their internal investigation had uncovered unauthorized access to customer account data

by Sebastian Sinclair /

October 10, 2023 08:34 am

Fit Ztudio/Shutterstock, modified by Blockworks

Trading platform 3Commas has once again come into the spotlight following the disclosure of a security breach on Sunday, affecting a number of user accounts.

According to the release, the platform received reports from customers about unauthorized trades occurring shortly after their passwords had been reset.

Following an internal investigation, 3Commas revealed in a blog post that there had been unauthorized access to customer account data.

The breach is being touted as a limited one, with unauthorized trades being carried out predominantly on accounts of users who had not enabled two-factor authentication (2FA), 3Commas said.

Newsletter

Subscribe to The Breakdown

API secret data and account passwords are said not among the compromised information. Blockworks has reached out to learn more.

In response, 3Commas said it has modified its password reset process. The platform claims to have now instituted a policy where all API connections are disabled following a password reset — intended to act as an added security layer.

Following the incident, the company attempted to reassure its user base that it will continue to “operate in a state of heightened alert.”

The breach on Sunday is reminiscent of an earlier incident in December, where a significant leak led to the API keys of approximately 100,000 3Commas customers being posted publicly by malevolent actors.

That incident triggered a review of the platform’s security framework, with the company seeking expertise from cybersecurity professionals.

A third related incident in October 2022 prompted former FTX CEO Sam Bankman-Fried, currently on trial for alleged fraud and money laundering charges, to reimburse $6 million to customers affected by a phishing attack.

Multiple security lapses within a year underscore the challenges faced by the trading platform in an ongoing bear market marked by increasing cyber threats.

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
0xResearch: Alpha in your inbox. Think like an analyst.

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

recent research

Research

Neutrl: Unlocking Institutional OTC Yield for Stablecoins

Neutrl is a synthetic dollar protocol designed to monetize structural inefficiencies in crypto markets, with a particular focus on hedged OTC token arbitrage. By pairing discounted locked-token purchases with delta-neutral hedging, the protocol offers yields that are less dependent on funding rate cycles than traditional cash and carry strategies. Early traction has been strong, with TVL growing from $120M to $210M following the removal of deposit caps, while sNUSD currently yields materially more than competing yield-bearing stablecoins. The key question for Neutrl is scalability: whether access to high-quality OTC deal flow and disciplined liquidity management can support continued TVL growth without compressing returns.

by Kunal Doshi