What is a 3commas hack? How Can You Prevent It?

by ImmuneBytes

Introduction

3commas is a popular trading bot that helps users automate their cryptocurrency trades across different exchanges. It offers features such as smart trading, portfolio management, and automated trading strategies. However, just like any other trading platform, 3commas is not immune to hacks and security breaches. In this article, we will discuss what a 3commas hack is and how you can prevent it.

What is a 3Commas Hack?

Through a network of controlled trading bots, 3Commas enables users to carry out trading plans. Users of the 3Commas service can connect their accounts to specific, supported exchanges’ supported blockchain wallets through this service.

An attacker announced on Pastebin in December 2022 that they had accessed the 3Commas database. They were able to grab API keys with this access that were needed to carry out transactions on other exchanges.

With the stolen API data, these attackers were able to link their own blockchain wallets to exchange accounts and perform trades on the user’s behalf.  As a result, an estimated $20 million in cryptocurrency was maliciously transferred from these exchange accounts to the attackers’ wallets.

Who is Impacted?

The way 3Commas handled the situation was awful for the company’s devoted customers. It is equally painful for users who have lost money as a result of 3Comma’s security error and 3Comma’s persistent denial of it at the same time.

The Luna collapse and the FTX debacle made 2022 unpleasant as it was; 100,000+ users would not have desired the 3Commas breach.

How can you prevent it?

  • Delete/disable the 3Commas-related API key from your exchange dashboard – Deleting the API key you made for 3Commas requires logging into your cryptocurrency exchange account. This should be your first action.
  • Updating the API key with 3Commas ensures that you retain access to your historical data and analytics.
  • Never connect to numerous accounts with the same API key – Be sure to never do this. For instance, cryptocurrency tax software and trading terminals.
  • Label your API key suitably – When creating your API Key, do so. Discipline is all that’s required here.

Lessons Learnt from the Attack

The attack’s precise mechanism has not been established, despite the attacker’s claim that the theft of API keys was an inside job. 3Commas asserts that since the incident, further measures have been adopted to restrict access to and safeguard the database.

The 3Commas hack proves that the proverb “not your keys, not your crypto” is true. Blockchain users run the danger of having their private keys or access to an exchange account with control over a blockchain account compromised by a third party.

Spread the love

You may also like