Protecting Your Crypto: 3Commas Security Insights and Best Practices

DATE PUBLISHED: JAN 12, 2025
8 MIN

Discover how 3Commas safeguards your trading activities with robust security measures. Learn about current cybersecurity threats and actionable best practices to keep your crypto assets safe.

Start Trading on 3Commas Today

Get full access to all 3Commas trading tools with free trial period

When the crypto market is bullish, bad guys try harder

At 3Commas, safeguarding your account and personal information is our top priority. With the recent surge in the crypto market, we’d like to revisit our security practices as well as take a look at the current threat environment and what you as a user can do to protect your account.

We have implemented a comprehensive suite of security measures to protect your data and assets, but these are not foolproof, particularly if the computer you trade on has been compromised. 3Commas has worked with security experts and our exchange partners to develop these measures and stay up to date on novel attack vectors.

Let’s start with an examination of the current security environment.

Understanding Current Cybersecurity Threats

In today's digital landscape, it's crucial to be aware of prevalent cybersecurity threats and their methodologies:

  • Phishing Attacks: Attackers impersonate reputable entities to deceive individuals into revealing sensitive information, such as login credentials or financial details. These attacks often occur via email, instant messaging, or fraudulent websites. In the crypto community, hackers often push malicious links through Telegram chat groups. With the amount of personal data stored on a phone, this has proven to be an incredibly effective manner of discovering passwords and account keys.

  • Ransomware: Malicious software that encrypts a victim's data, rendering it inaccessible until a ransom is paid. Ransomware attacks can cause significant operational disruptions and financial losses. This threat is more targeted towards businesses, but high net worth traders should absolutely consider themselves to be a potential target for the criminal organizations that specialize in Ransomware attacks.

  • Social Engineering: Manipulative tactics employed by attackers to trick individuals into divulging confidential information or performing actions that compromise security. This includes techniques like pretexting, baiting, and tailgating. For crypto traders, this could include people active in your trader chats who encourage you to check out a new coin or trading tool by leading you to an infected website that installs malware on your phone or computer.

  • Advanced Persistent Threats (APTs): Sophisticated, continuous hacking processes often orchestrated by well-funded groups, including state-sponsored actors. APTs aim to gain prolonged access to networks to steal sensitive information. Once again, these groups normally target businesses, but with institutional traders increasingly entering the crypto space, it is logical to expect criminal organizations to try to compromise trading firms, family offices, and other individuals and organizations who hold a substantial amount of crypto assets.

  • Supply Chain Attacks: Cyberattacks that target less-secure elements within an organization's supply chain to infiltrate their network. By compromising a third-party vendor, attackers can gain access to the primary target's systems. Think of all the sites you visit for crypto news, or your personal email. Any of them could be a security vulnerability because they represent an access point to your device. Once hackers find one open door, they’re often able to access more confidential information much more easily.

  • Insider Threats: Risks originating from individuals within an organization, such as employees or contractors, who misuse their access to harm the organization's systems or data. This can include data theft, sabotage, or espionage.This is largely a concern for people who trade as part of a team or organization where access to trading accounts is shared by multiple people. All it takes is one person to be careless, such as sharing a password on an unencrypted channel like gmail or SMS, for the accounts to be compromised.

3Commas Security Measures

We’ve centered our security measures on blocking unauthorized external access to API keys and only allowing commands to be sent from authorized IP addresses. For security reasons, we are not doing a deep dive into our full suite of information security tools and procedures. 

  • Sign Center: Our secure API key storage system, Sign Center, is isolated at both infrastructure and access levels. When executing a trade, our servers request Sign Center to sign the transaction, ensuring your API keys remain confidential.

  • API Key IP Whitelisting: We support IP whitelisting for API keys on compatible exchanges. By restricting API access to specific IP addresses, unauthorized attempts from outside 3Commas are effectively blocked.

  • Fast Connect with OAuth Protocol: Available on exchanges like OKX and Binance, Fast Connect allows for seamless authorization without manual API key entry. This method uses access tokens to authorize trades, ensuring your API keys are never exposed.

  • Two-Factor Authentication (2FA): We strongly recommend enabling 2FA on your 3Commas account and connected exchange accounts. This adds an extra layer of security, requiring verification beyond just your password.

Best Practices for Account Security

A security vulnerability for an exchange or a trading software service such as 3Commas comes from traders operating on compromised devices. All of our carefully considered security measures may not protect you if a third party has remotely logged onto your accounts on your computer and is sending commands from your IP address.

To enhance your account security, consider the following measures:

  • Use Strong, Unique Passwords: Employ complex passwords that are unique to your 3Commas and exchange accounts. Utilizing a password manager can assist in creating and storing these securely.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on all your accounts, including 3Commas and connected exchanges, to provide an additional verification step during login. This is incredibly effective because it greatly increases the complexity of the task for hackers to compromise your device and your trading computer. Criminal organizations don’t like complex challenges. They like easy targets, so don’t be an easy target.

  • Be Vigilant Against Phishing Attempts: Always verify the authenticity of emails and websites before entering your credentials. Be cautious of unsolicited communications requesting personal information. Don’t follow links sent through public groups on Discord, Telegram, or Signal.

  • Regularly Monitor Account Activity: Keep an eye on your account for any unauthorized actions. Setting up alerts can help you stay informed about account activities.

  • Secure Your Devices: Protect your devices with PIN codes or biometric authentication, and avoid storing sensitive information in unencrypted formats. Ensure your devices are free from malware and unauthorized access.

  • Avoid Reusing Passwords Across Multiple Accounts: Using the same password for multiple accounts increases vulnerability. Ensure each account has a distinct password to prevent a single breach from compromising multiple services.

  • Be Cautious with Public Wi-Fi: Avoid accessing your accounts over public Wi-Fi networks, as they can be less secure and more susceptible to interception by malicious actors. If necessary, use a virtual private network (VPN) to encrypt your connection.

  • Keep Software and Devices Updated: Regularly update your devices and applications to ensure they have the latest security patches. Outdated software can have vulnerabilities that cybercriminals exploit.

  • Educate Yourself on Social Engineering Tactics: Be aware of common social engineering tactics, such as phishing, pretexting, and baiting, which attackers use to manipulate individuals into divulging confidential information. Understanding these methods can help you recognize and avoid potential threats.

By staying informed about these threats and implementing robust security measures, you can significantly enhance the protection of your accounts against common cybersecurity challenges.

Stay up to date with 3Commas security enhancements by bookmarking our Help Center article