Users of the popular crypto exchange FTX have lost millions of dollars to a phishing exploit using a fake version of a website belonging to the trading platform 3Commas. However, FTX has promised to make their users whole again.
The phishing exploit was first reported by Chinese crypto journalist Colin Wu, who runs the popular Wu Blockchain Twitter account, saying that one user found that his FTX account had been trading on its own via a third-party API connection.
“[the] API was trading DMG more than 5,000 times, stealing nearly $1.6 million such as BTC, ETH, FTT, etc. from his account,” the Twitter account explained.
The trades reportedly took place on the third-party trading platform 3Commas, and were sent to FTX via an API connection – a common technology used to have different online platforms communicate with each other.
According to the Twitter account, FTX has admitted that the 3Commas API key has been leaked, and that this was not an isolated case.
“There have been four incidents of coin theft by stealing API KEYs and contra trading in FTX,” a tweet posted later said, while noting that three of the cases were linked to 3Commas.
The situation was later addressed in a tweet by 3Commas, where the trading platform said that the situation is treated with “top priority.”
“We have the highest security with 2FA and OTP on login etc to ensure that user accounts are always secure. We are in touch with the user to ensure they get all the support needed,” the company further added.
Shortly after, a blog post by 3Commas went into further detail on the incident, saying the theft of API keys happened on phishing websites “mocked up to resemble the 3Commas interface.”
“There have been no breaches of either 3Commas’ account security and API encryption systems, nor the account security and API encryption systems of our partner exchanges,” the trading platform stressed, while noting that “only three users claim to have been affected.”
SBF: FTX has “huge number of controls in place”
Commenting on the incident late Sunday night UTC time, FTX CEO Sam Bankman-Fried said on Twitter that phishing scams in crypto lately have become “sophisticated.”
He added that FTX has “a huge number of controls in place” to prevent fake versions of its own website from popping up and fooling users, but also made it clear that there is little the exchange can do about other websites being impersonated.
Despite Bankman-Fried insisting that the latest phishing attack was an issue with 3Commas’ website and not FTX’s, he did promise that his exchange will compensate affected FTX users this time.
“THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD,” the exchange boss made clear.
For now, both FTX and 3Commas have disabled all APIs for accounts deemed to have suspicious activity. Affected users will instead be asked to create new API keys.
Social Media Scammers: A ‘Familiar Pattern’ for Crypto Fraudsters
The Fukuoka Prefectural Police’s Investigative Division remarked that the case followed a similar pattern, whereby overseas-based individuals attempt to gain people’s trust on social media sites and dating apps – seeking to trick them into sending their coins to crypto wallets actually run by bogus crypto exchange operators.
Most do this by posing as attractive foreign men or women and then allowing them to “make a profit to gain their trust,” before “defrauding them out of a large sum of money.”
A was quoted as saying:
“I dropped my guard when I saw that I was making a profit. I didn’t know much about crypto. I didn’t even realize that my friend and I were being deceived.”
Last year, convenience store workers successfully stepped in to prevent instances of crypto fraud, while in 2018, a crypto fraudster tricked an 84-year-old woman out of $9,000.