Users of the popular crypto exchange FTX have lost millions of dollars to a phishing exploit using a fake version of a website belonging to the trading platform 3Commas. However, FTX has promised to make their users whole again.
The phishing exploit was first reported by Chinese crypto journalist Colin Wu, who runs the popular Wu Blockchain Twitter account, saying that one user found that his FTX account had been trading on its own via a third-party API connection.
“[the] API was trading DMG more than 5,000 times, stealing nearly $1.6 million such as BTC, ETH, FTT, etc. from his account,” the Twitter account explained.
The trades reportedly took place on the third-part trading platform 3Commas, and were sent to FTX via an API connection – a common technology used to have different online platforms communicate with each other.
According to the Twitter account, FTX has admitted that the 3Commas API key has been leaked, and that this was not an isolated case.
“[…] there have been four incidents of coin theft by stealing API KEYs and contra trading in FTX,” a tweet posted later said, while noting that three of the cases were linked to 3Commas.
The situation was later addressed in tweet by 3Commas, where the trading platform said that the situation is treated with “top priority.”
“We have the highest security with 2FA and OTP on login etc to ensure that user accounts are always secure. We are in touch with the user to ensure they get all the support needed,” the company further added.
Shortly after, a blog post by 3Commas went into further detail on the incident, saying the theft of API keys happened on phishing websites “mocked up to resemble the 3Commas interface.”
“There have been no breaches of either 3Commas' account security and
Read more on cryptonews.com