FTX To Reimburse $6M to 3Commas Phishing Attack Victims

FTX CEO Sam Bankman-Fried warned that reimbursing users affected by the 3Commas phishing scam would be a “one time thing”

article-image

FTX’s Sam Bankman-Fried | Blockworks exclusive art by axel rangel

share

key takeaways

  • At least three FTX users found millions missing from their accounts due to a phishing attack
  • API provider 3Commas discovered that several fake websites were used to phish its users

FTX CEO Sam Bankman-Fried said the cryptocurrency exchange will hand out $6 million to compensate victims of a phishing scam targeting its users — but never again.

Since last week, at least three FTX users were struck by the scam, in which hackers siphoned millions of dollars from their accounts with unauthorized trades. The attackers gained access by exploiting the 3Commas application programming interface (API) keys, which had been utilized by the affected FTX users.

3Commas is an automated crypto trading bot provider that facilitates automated buying and selling of crypto on major exchanges such as FTX. It’s seen as an efficiency tool, enabling users to easily place hundreds of trades, which is manually demanding.

The attacks were exposed when one FTX user reportedly found his account had traded DMG tokens more than 5,000 times on Oct. 19, which led to extraction of nearly $1.6 million in bitcoin, FTX token, ether and other cryptocurrencies (valued at the time).

A second user disclosed on Oct. 22 that he was a victim of the FTX attack, claiming he lost about 104 bitcoin ($2 million at current price) as a result of the incident. He also claimed he had never used his 3Commas account to set up a bot.

FTX phishing possibly spurred by malware

DMG, the token leveraged by the hackers in their scheme, is the governance token of defunct decentralized finance project DeFi Money Market (DMM), which ceased operations on Feb. 5 after inquiries from the SEC.

DMG’s price has crashed almost 60% since the closure but recovered to $0.02 as of Monday — roughly the same level as when DMM shut down, according to CoinGecko data.

3Commas confirmed that a number of partner exchange API keys were used to perform unauthorized trades for DMG crypto trading pairs on exchange accounts. Traders who had never used 3Commas were also affected by the phishing attack, it said.

Upon further investigation, the team found several fake 3Commas websites that were used to phish its users. Hackers had replicated the design of the website’s interface to capture API keys from users that mistakenly used the fake website to connect their exchange accounts.

3Commas said it further suspects API keys were stolen from users via malware and third-party browser extensions. It denied responsibility and said it was highly unlikely that the security incident originated with 3Commas’ services. FTX declined to comment while 3Commas directed Blockworks to its post-mortem blog.

Bankman-Fried published a Twitter thread expressing frustration at the incident. “Not only was this not FTX getting phished, it wasn’t even an FTX site. And in general we can’t compensate for users getting phished by fake versions of other companies in the space!”

“It isn’t FTX and we have basically no control over it,” Bankman-Fried said.

Loading Tweet..

Bankman-Fried added that FTX has mostly eliminated phishing sites that pose as the exchange itself, but that it can’t do the same for sites impersonating other services.

“To be clear, phishing is almost always a case where the user voluntarily (but unknowingly) gives their account credentials to a scammer by going to a bad site or something like that — but despite that, we take our duty to protect customers seriously, even from themselves,” he tweeted.

In this case, Bankman-Fried has sought fit to reimburse users affected by the 3Commas phishing campaign, but he warned that “this is a one-time thing and we will not do this going forward,” in all caps.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

recent research

LTIPPanalysis.png

Research

This report is a retroactive analysis of Arbitrum's Long Term Incentives Pilot Program (LTIPP). We collect relevant data at a protocol level and review bi-weekly updates to analyze recipients, their strategies, and the impact of the incentives on high level growth metrics. In particular, we want to highlight outperformers and underperformers, and glean any best practices or lessons learned for protocols distributing ARB incentives in the future. The overarching goal is to synthesize lessons learned that the DAO can reference as it begins thinking about future incentives programs–namely, the working group for incentives that is being actively discussed–especially as Timeboost introduces new conditions for trading and economic activity.

article-image

Sponsored

AI project Zerebro intersects the spheres of artificial intelligence, finance, art, music, and culture

article-image

Allmight is focused on furthering the United States’ leadership in crypto

article-image

The conditions Charles Schwab is waiting for before jumping headfirst into crypto could take shape soon

article-image

The FCA’s director of payments and digital assets shared some takeaways from chats with crypto companies and law firms

article-image

Let’s take a look at how US equities typically perform this time of year and what we might see in the coming days

article-image

Lumina introduces transparency and permissionless integration via an OP stack-based optimium, challenging traditional oracle designs