FTX Exchange Users Lose Millions in Exploit – Here’s What You Need to Know

Last updated:
Author
Author
Fredrik Vold
Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Source: AdobeStock / Rafael Henrique

Users of the popular crypto exchange FTX have lost millions of dollars to a phishing exploit using a fake version of a website belonging to the trading platform 3Commas. However, FTX has promised to make their users whole again.

The phishing exploit was first reported by Chinese crypto journalist Colin Wu, who runs the popular Wu Blockchain Twitter account, saying that one user found that his FTX account had been trading on its own via a third-party API connection.

“[the] API was trading DMG more than 5,000 times, stealing nearly $1.6 million such as BTC, ETH, FTT, etc. from his account,” the Twitter account explained.

The trades reportedly took place on the third-part trading platform 3Commas, and were sent to FTX via an API connection – a common technology used to have different online platforms communicate with each other.

According to the Twitter account, FTX has admitted that the 3Commas API key has been leaked, and that this was not an isolated case.

“[…] there have been four incidents of coin theft by stealing API KEYs and contra trading in FTX,” a tweet posted later said, while noting that three of the cases were linked to 3Commas.

The situation was later addressed in tweet by 3Commas, where the trading platform said that the situation is treated with “top priority.”

“We have the highest security with 2FA and OTP on login etc to ensure that user accounts are always secure. We are in touch with the user to ensure they get all the support needed,” the company further added.

Shortly after, a blog post by 3Commas went into further detail on the incident, saying the theft of API keys happened on phishing websites “mocked up to resemble the 3Commas interface.”

“There have been no breaches of either 3Commas’ account security and API encryption systems, nor the account security and API encryption systems of our partner exchanges,” the trading platform stressed, while noting that “only three users claim to have been affected.”

SBF: FTX has “huge number of controls in place”

Commenting on the incident late Sunday night UTC time, FTX CEO Sam Bankman-Fried said on Twitter that phishing scams in crypto lately have become “sophisticated.”

He added that FTX has “a huge number of controls in place” to prevent fake versions of its own website from popping up and fooling users, but also made it clear that there is little the exchange can do about other websites being impersonated.

Despite Bankman-Fired insisting on the issue with the latest phishing attack being an issue with 3Commas’ website and not FTX’s, he did promise that his exchange will compensate affected FTX users this time.

“THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD,” the exchange boss made clear.

For now, both FTX and 3Commas have disabled all APIs for accounts deemed to have suspicious activity. Affected users will instead be asked to create new API keys.

More Articles

Features
Who is Pierre Poilievre? The Bitcoiner Who Could Be Canada’s Next Leader
Connor Sephton
Connor Sephton
2025-01-17 09:55:19
Altcoin News
Sol Strategies Stock Price Blasts 27% Higher After Launch of Solana Mobile Staking App
Gary McFarlane
Gary McFarlane
2025-01-17 09:53:05
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors