FTX To Reimburse $6M to 3Commas Phishing Attack Victims

FTX CEO Sam Bankman-Fried warned that reimbursing users affected by the 3Commas phishing scam would be a “one time thing”


FTX’s Sam Bankman-Fried | Blockworks exclusive art by axel rangel


key takeaways

  • At least three FTX users found millions missing from their accounts due to a phishing attack
  • API provider 3Commas discovered that several fake websites were used to phish its users

FTX CEO Sam Bankman-Fried said the cryptocurrency exchange will hand out $6 million to compensate victims of a phishing scam targeting its users — but never again.

Since last week, at least three FTX users were struck by the scam, in which hackers siphoned millions of dollars from their accounts with unauthorized trades. The attackers gained access by exploiting the 3Commas application programming interface (API) keys, which had been utilized by the affected FTX users.

3Commas is an automated crypto trading bot provider that facilitates automated buying and selling of crypto on major exchanges such as FTX. It’s seen as an efficiency tool, enabling users to easily place hundreds of trades, which is manually demanding.

The attacks were exposed when one FTX user reportedly found his account had traded DMG tokens more than 5,000 times on Oct. 19, which led to extraction of nearly $1.6 million in bitcoin, FTX token, ether and other cryptocurrencies (valued at the time).

A second user disclosed on Oct. 22 that he was a victim of the FTX attack, claiming he lost about 104 bitcoin ($2 million at current price) as a result of the incident. He also claimed he had never used his 3Commas account to set up a bot.

FTX phishing possibly spurred by malware

DMG, the token leveraged by the hackers in their scheme, is the governance token of defunct decentralized finance project DeFi Money Market (DMM), which ceased operations on Feb. 5 after inquiries from the SEC.

DMG’s price has crashed almost 60% since the closure but recovered to $0.02 as of Monday — roughly the same level as when DMM shut down, according to CoinGecko data.

3Commas confirmed that a number of partner exchange API keys were used to perform unauthorized trades for DMG crypto trading pairs on exchange accounts. Traders who had never used 3Commas were also affected by the phishing attack, it said.

Upon further investigation, the team found several fake 3Commas websites that were used to phish its users. Hackers had replicated the design of the website’s interface to capture API keys from users that mistakenly used the fake website to connect their exchange accounts.

3Commas said it further suspects API keys were stolen from users via malware and third-party browser extensions. It denied responsibility and said it was highly unlikely that the security incident originated with 3Commas’ services. FTX declined to comment while 3Commas directed Blockworks to its post-mortem blog.

Bankman-Fried published a Twitter thread expressing frustration at the incident. “Not only was this not FTX getting phished, it wasn’t even an FTX site. And in general we can’t compensate for users getting phished by fake versions of other companies in the space!”

“It isn’t FTX and we have basically no control over it,” Bankman-Fried said.

Loading Tweet..

Bankman-Fried added that FTX has mostly eliminated phishing sites that pose as the exchange itself, but that it can’t do the same for sites impersonating other services.

“To be clear, phishing is almost always a case where the user voluntarily (but unknowingly) gives their account credentials to a scammer by going to a bad site or something like that — but despite that, we take our duty to protect customers seriously, even from themselves,” he tweeted.

In this case, Bankman-Fried has sought fit to reimburse users affected by the 3Commas phishing campaign, but he warned that “this is a one-time thing and we will not do this going forward,” in all caps.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Top Icon.png


Osmosis thrived in H2 2023 on the back of increased DeFi activity deriving from recently launched Cosmos-related projects and better market conditions. With new value accrual mechanisms for the native token, Osmosis is well-positioned to continue its strong performance in 2024.



Though the opposing flow trend is likely to slow over time, industry watchers note, bitcoin fund assets could one day eclipse the $90 billion gold ETF space


Celestia had the first mover advantage. EigenDA has staked ether. What sets Avail apart?


Bitcoin moved 1% higher Monday morning in New York, Matrixport analysts say $62,000 could happen next month


It’s hard to believe right now that crypto — even with all of its flexibility and massive capabilities — could ever be like cash on the internet


Michael Saylor announced Monday morning that MicroStrategy bought 3k more bitcoin after the X account was compromised over the weekend


Plus, Pudgy Penguins grows its brand and a group of Autoglyphs sell for $14.5 million