Unauthorized Account Registrations Using Email Addresses from 3rd Party Sources

Dear 3Commas Users,

Between July 20th to July 21st, we saw an influx of approximately 75,000 new user registrations, which initial data shows is likely to be bot activity. These bots appear to be attempting to identify registered email addresses for potential future scam and phishing operations. These emails are likely to have been collected from one or more crypto exchanges or services that may no longer be functional business entities.

To counter this, on July 21st we implemented an additional CAPTCHA from Cloudflare to stop the automated registrations. Also, as part of our existing new user verification process, a confirmation message is sent to the registered email address which only people with access to the mailbox can confirm before the new 3Commas account is fully created. However, we advise all users to stay vigilant and take the following precautions:

If you did not create an account and received a message to confirm your account, please do not confirm the email, report it to our support team immediately at [email protected] using the email address the message was sent to.

Monitor Your Accounts: If you notice any unauthorized or suspicious activity, such as a new 3Commas account being created with one of your emails, please report it to our support team immediately. Malicious actors cannot create a new account with an email used on an existing account. 

Check Secondary Email Accounts: If you utilize more than one email account for crypto activities, please ensure that you check all of them to confirm they haven’t been compromised. 

Secure Your Email: Be cautious of unexpected emails or phone calls.The 3Commas Support Team will never contact you by phone or send you unsolicited links or file attachments  Avoid clicking on links from unknown or suspicious sources.

Update Your Security: Ensure that your passwords are strong and unique. Make sure you have enabled two-factor authentication for added security on every platform that offers it.

1. Log-in to 3Commas and head to the User Settings page
2. Change your password
3. Enable 2FA (multi-factor authentication), if you have not already done so
4. Additionally, you may find it useful to check your email address with a service like haveibeenpwned.com (or other similar services) to see if your email address is listed as part of a known security event

We urge all users to read our 3Commas Security help article, which contains lots of useful information and tips to enhance the security of their account.

We are working on obtaining more information and formulating additional responses for this issue. Thank you for understanding. 

For further updates and support, please stay tuned to our official communication channels.