FTX API Keys Linked to 3Commas Exploited

FTX API Keys Linked to 3Commas Exploited

UTC by Bhushan Akolkar · 2 min read
FTX API Keys Linked to 3Commas Exploited
Photo: Depositphotos

In the recent case of API keys stolen from FTX accounts, chief Sam Bankman-Fried announced to return $6 million in users’ lost funds.

A suspicious trading activity led to an investigation by the trading-bot platform 3Commas and cryptocurrency exchange FTX. The investigation revealed that API keys linked 3Commas were used to conduct unauthorized trades for DMG trading pairs on FTX.

Last week on Oct 20, the 3Commas team got alerted when several FTX API keys connected to the platform performed unauthorized trades. Later, 3Commas confirmed that the API keys weren’t taken from the platform but a third-party phishing attack.

Further investigation showed that there were multiple websites claiming to be 3Commas. These fraudulent websites tricked users into connecting their exchange accounts. 3Commas believes that a third-party malware or extension must be involved in this activity. It added:

“The API keys were then stored by the fake website and later used to place the unauthorized trades on the DMG trading pairs on FTX”.

The trading-bot platform 3Commas further added that it was not be blamed for the user data falling into wrong hands. The trading bot platform noted:

“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas.”

From the API exploit, one of the Twitter users calimedto have lost more than $1.5 million. The same has been verified by data analytics firm PeckShield.

FTX Chief Announces Compensation

FTX Chief Sam Bankman-Fried wrote a detailed Twitter thread about how phishing attacks have got common in the crypto space. He further explained that the FTX team has been taking all measures to counter such attacks. However, it sometimes becomes difficult to control websites masquerading as the crypto exchange.

For this particular case, SBF said that they have decided to compensate the users. However, he warned users that this would be the last time he would be compensating users’ with a total of $6 million in losses. SBF said that “THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD. THIS IS NOT A PRECEDENT. We will not making a habit of compensating for uses getting phished by fake versions of other companies!”

The crypto billionaire also stated that if the hackers give away 95% of the $6 million stolen from FTX accounts within 24 hours, “we’ll absolve them”.

Altcoin News, Blockchain News, Cryptocurrency News, News
Related Articles