Hi everyone,
I recently encountered a very concerning issue with my Alpaca account and would appreciate any insights or similar experiences.
Here’s what happened:
-
On Apr 1, 2026, a limit order for LICN at 6.50 was placed and later executed
-
I did not place or authorize this trade
-
The order is recorded as coming from the Dashboard (not API)
-
My account has 2FA enabled, and I did not receive any authentication prompt
-
The same order also appeared in my paper account, which makes this even more confusing
Because of this, I’ve already taken the following steps:
-
Changed my password
-
Regenerated/revoked API keys
-
Checked Windows security logs (no signs of remote access)
-
Reviewed running processes and connections
So far, I have not found evidence of my system being compromised.
However, the trade still happened, and I’m currently trying to understand how this is possible. One hypothesis is that a session or bearer token may have been compromised, but I’m not sure how that could have occurred.
Additional issue:
-
My account is currently set to “liquidation only”, which prevents me from managing existing options positions
-
The LICN trade has resulted in approximately $3,200 in losses so far
I’ve contacted Alpaca support and am waiting for:
-
Investigation results
-
IP / device / session details
-
Clarification on responsibility for the loss
Questions:
-
Has anyone experienced a similar situation where a trade was executed from the Dashboard without their action?
-
Is it possible for Alpaca to log API/session-based trades as “Dashboard”?
-
Any known cases of session/token compromise leading to unauthorized trades?
-
What would you recommend as next steps while waiting for the broker’s response?
I’m trying to stay objective and gather as much information as possible before drawing conclusions. Any help or shared experience would be greatly appreciated.
Thanks in advance.