FTX Exchange Users Lose Millions in Exploit – Here’s What You Need to Know
Users of the popular crypto exchange FTX have lost millions of dollars to a phishing exploit using a fake version of a website belonging to the trading platform 3Commas. However, FTX has promised to make their users whole again.
The phishing exploit was first reported by Chinese crypto journalist Colin Wu, who runs the popular Wu Blockchain Twitter account, saying that one user found that his FTX account had been trading on its own via a third-party API connection.
The trades reportedly took place on the third-party trading platform 3Commas, and were sent to FTX via an API connection – a common technology used to have different online platforms communicate with each other.
A new method of stealing coins is emerging: contra trade. On October 19th, a user suddenly found that his FTX account using the 3commas API was trading DMG more than 5,000 times, stealing nearly $1.6 million such as BTC, ETH, FTT, etc. from his account. — Wu Blockchain (@WuBlockchain) October 21, 2022
According to the Twitter account, FTX has admitted that the 3Commas API key has been leaked, and that this was not an isolated case.
“[…] there have been four incidents of coin theft by stealing API KEYs and contra trading in FTX,” a tweet posted later said, while noting that three of the cases were linked to 3Commas.
WuBlockchain learned that there have been four incidents of coin theft by stealing API KEYs and contra trading in FTX. Three of the cases were related to 3Commas, which 3Commas said was because users landed on fake websites. https://t.co/aigUYBg8bQ — Wu Blockchain (@WuBlockchain) October 22, 2022
The situation was later addressed in a tweet by 3Commas, where the trading platform said that the situation is being treated with “top priority.”
“We have the highest security with 2FA and OTP on login etc to ensure that user accounts are always secure. We are in touch with the user to ensure they get all the support needed,” the company further added.
Shortly after, a blog post by 3Commas went into further detail on the incident, saying the theft of API keys happened on phishing websites “mocked up to resemble the 3Commas interface.”
“There have been no breaches of either 3Commas’ account security and API encryption systems, nor the account security and API encryption systems of our partner exchanges,” the trading platform stressed, while noting that “only three users claim to have been affected.”
SBF: FTX has “huge number of controls in place”
Commenting on the incident late Sunday night UTC time, FTX CEO Sam Bankman-Fried said on Twitter that phishing scams in crypto lately have become “sophisticated.”
He added that FTX has “a huge number of controls in place” to prevent fake versions of its own website from popping up and fooling users, but also made it clear that there is little the exchange can do about other websites being impersonated.
Despite Bankman-Fried insisting that the latest phishing attack was an issue with 3Commas’ website and not FTX’s, he did promise that his exchange will compensate affected FTX users this time.
“THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD,” the exchange boss made clear.
13) But in this particular case, we will compensate the affected users.
THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD.
THIS IS NOT A PRECEDENT.
We will not be making a habit of compensating for users getting phished by fake versions of other companies!
— SBF (@SBF_FTX) October 23, 2022
For now, both FTX and 3Commas have disabled all APIs for accounts deemed to have suspicious activity. Affected users will instead be asked to create new API keys.