FTX Users’ Accounts Breached via Exploited 3Commas API Keys

The crypto market has experienced a lot of exploits, hacks, and scams which is the primary reason for the crypto winter. Recently, FTX users’ accounts were breached via exploited 3Commas API keys, resulting in a massive loss of crypto funds.

According to a blog post on October 23 by 3Commas, the exploited API keys did not originate from its platform. Also, there were no breaches to 3Commass account security and its API encryption systems, as well as the account security and API encryption system of FTX.

Consequently, the trading-bot platform and cryptocurrency exchange platform carried out a thorough investigation. After the investigation, 3Commas found out that the API keys used were from phishing attacks. The hackers made use of websites that look exactly like 3Commas. Eventually, they captured users’ API keys anytime they attempt to connect to their exchange account.

Afterward, the hackers used the stolen API keys to perform unauthorized trades for DMG trading pairs on FTX.

Although about three users claimed to be victims of the exploits, several others who are not verified 3Commas customers also claim to be affected. One of the victims lost about 1.5 million USD to the attack.

FTX and 3Commas Work Together to Prevent Further loss

Both parties are working with the affected persons to get more information as to how they store their API keys. 3Commas is doing everything to ensure its system is secure to avoid further occurrences. It also urges users to always check out the account security protocols before doing anything so as not to fall victim to an attack.

To prevent further damage, the platform disabled the API suspected of illegal activities and requested affected users to create another API. Furthermore, it advises users to update their linked exchange account using the link on the website to ensure their trades are unaffected.

Meanwhile, hackers have usually deployed phishing links to exploit unsuspecting users. In July, Decentralized Finance (DeFi) exchange protocol Uniswap suffered a phishing attack where users lost 7,500 ETH. Also, the popular play-to-earn NFT game Axie Infinity’s Discord server was breached and the attackers sent phishing links to users.