FTX To Reimburse $6M to 3Commas Phishing Attack Victims

FTX CEO Sam Bankman-Fried warned that reimbursing users affected by the 3Commas phishing scam would be a “one time thing”

by Shalini Nagarajan /
article-image

FTX’s Sam Bankman-Fried | Blockworks exclusive art by axel rangel

share

key takeaways

  • At least three FTX users found millions missing from their accounts due to a phishing attack
  • API provider 3Commas discovered that several fake websites were used to phish its users

FTX CEO Sam Bankman-Fried said the cryptocurrency exchange will hand out $6 million to compensate victims of a phishing scam targeting its users — but never again.

Since last week, at least three FTX users were struck by the scam, in which hackers siphoned millions of dollars from their accounts with unauthorized trades. The attackers gained access by exploiting the 3Commas application programming interface (API) keys, which had been utilized by the affected FTX users.

3Commas is an automated crypto trading bot provider that facilitates automated buying and selling of crypto on major exchanges such as FTX. It’s seen as an efficiency tool, enabling users to easily place hundreds of trades, which is manually demanding.

The attacks were exposed when one FTX user reportedly found his account had traded DMG tokens more than 5,000 times on Oct. 19, which led to extraction of nearly $1.6 million in bitcoin, FTX token, ether and other cryptocurrencies (valued at the time).

A second user disclosed on Oct. 22 that he was a victim of the FTX attack, claiming he lost about 104 bitcoin ($2 million at current price) as a result of the incident. He also claimed he had never used his 3Commas account to set up a bot.

FTX phishing possibly spurred by malware

DMG, the token leveraged by the hackers in their scheme, is the governance token of defunct decentralized finance project DeFi Money Market (DMM), which ceased operations on Feb. 5 after inquiries from the SEC.

DMG’s price has crashed almost 60% since the closure but recovered to $0.02 as of Monday — roughly the same level as when DMM shut down, according to CoinGecko data.

3Commas confirmed that a number of partner exchange API keys were used to perform unauthorized trades for DMG crypto trading pairs on exchange accounts. Traders who had never used 3Commas were also affected by the phishing attack, it said.

Upon further investigation, the team found several fake 3Commas websites that were used to phish its users. Hackers had replicated the design of the website’s interface to capture API keys from users that mistakenly used the fake website to connect their exchange accounts.

3Commas said it further suspects API keys were stolen from users via malware and third-party browser extensions. It denied responsibility and said it was highly unlikely that the security incident originated with 3Commas’ services. FTX declined to comment while 3Commas directed Blockworks to its post-mortem blog.

Bankman-Fried published a Twitter thread expressing frustration at the incident. “Not only was this not FTX getting phished, it wasn’t even an FTX site. And in general we can’t compensate for users getting phished by fake versions of other companies in the space!”

“It isn’t FTX and we have basically no control over it,” Bankman-Fried said.

Loading Tweet..

Bankman-Fried added that FTX has mostly eliminated phishing sites that pose as the exchange itself, but that it can’t do the same for sites impersonating other services.

“To be clear, phishing is almost always a case where the user voluntarily (but unknowingly) gives their account credentials to a scammer by going to a bad site or something like that — but despite that, we take our duty to protect customers seriously, even from themselves,” he tweeted.

In this case, Bankman-Fried has sought fit to reimburse users affected by the 3Commas phishing campaign, but he warned that “this is a one-time thing and we will not do this going forward,” in all caps.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Permissionless III Hackathon

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

learn more

recent research

Research Report Templates (1).png

Research

Why Solana Mobile Should 100x Their Phone Production

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

by Luke Leasure

/

news

article-image

Analysis

Empire Newsletter: How US presidencies map to crypto markets

Plus, breaking down Donald Trump’s shifting crypto stance

by Katherine Ross&David Canellis /
article-image

DeFiMarkets

Mt. Gox customers to receive crypto assets after 10-year wait

Markets are holding relatively steady despite the supply shock

by Donovan Choy /
article-image

Markets

Markets brace for volatility as VIX rises to highest level since April 

Analysts are looking ahead to August, a historically volatile month made more interesting this year by the US presidential election

by Casey Wagner /
article-image

Analysis

On the Margin Newsletter: A notoriously rough month for markets is upcoming

Plus, a look into Lighting Labs’ newest feature

by Casey Wagner /
article-image

Opinion

Crypto investors must embrace new tax rules or risk falling behind

Crypto’s Wild West era is over — it’s time to embrace regulation to secure the future of digital assets

by Zac Townsend /
article-image

Analysis

Lightspeed Newsletter: Wine tokenization on Solana

Plus, Solana has now surpassed Ethereum in trailing 30-day decentralized exchange volume

by Jack Kubinec&Jeff Albus /