. 2 min read

FTX Exchange Users Lose Millions in Exploit – Here’s What You Need to Know

Disclosure: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. By using this website, you agree to our terms and conditions. We may utilise affiliate links within our content, and receive commission.
Source: AdobeStock / Rafael Henrique

Users of the popular crypto exchange FTX have lost millions of dollars to a phishing exploit using a fake version of a website belonging to the trading platform 3Commas. However, FTX has promised to make their users whole again.

The phishing exploit was first reported by Chinese crypto journalist Colin Wu, who runs the popular Wu Blockchain Twitter account, saying that one user found that his FTX account had been trading on its own via a third-party API connection.

“[the] API was trading DMG more than 5,000 times, stealing nearly $1.6 million such as BTC, ETH, FTT, etc. from his account,” the Twitter account explained.

The trades reportedly took place on the third-part trading platform 3Commas, and were sent to FTX via an API connection – a common technology used to have different online platforms communicate with each other.

According to the Twitter account, FTX has admitted that the 3Commas API key has been leaked, and that this was not an isolated case.

“[…] there have been four incidents of coin theft by stealing API KEYs and contra trading in FTX,” a tweet posted later said, while noting that three of the cases were linked to 3Commas.

The situation was later addressed in tweet by 3Commas, where the trading platform said that the situation is treated with “top priority.”

“We have the highest security with 2FA and OTP on login etc to ensure that user accounts are always secure. We are in touch with the user to ensure they get all the support needed,” the company further added.

Shortly after, a blog post by 3Commas went into further detail on the incident, saying the theft of API keys happened on phishing websites “mocked up to resemble the 3Commas interface.”

“There have been no breaches of either 3Commas’ account security and API encryption systems, nor the account security and API encryption systems of our partner exchanges,” the trading platform stressed, while noting that “only three users claim to have been affected.”

SBF: FTX has “huge number of controls in place”

Commenting on the incident late Sunday night UTC time, FTX CEO Sam Bankman-Fried said on Twitter that phishing scams in crypto lately have become “sophisticated.”

He added that FTX has “a huge number of controls in place” to prevent fake versions of its own website from popping up and fooling users, but also made it clear that there is little the exchange can do about other websites being impersonated.

Despite Bankman-Fired insisting on the issue with the latest phishing attack being an issue with 3Commas’ website and not FTX’s, he did promise that his exchange will compensate affected FTX users this time.


For now, both FTX and 3Commas have disabled all APIs for accounts deemed to have suspicious activity. Affected users will instead be asked to create new API keys.