FTX accounts connected to 3Commas API keys have been exploited, leading to a massive loss of crypto funds.
One of the primary reasons behind the crypto winter that kicked off in May is exploits, scams and hacks. The booming hype of the crypto space has gathered the attention of attackers and hackers to find loopholes in the system and steal billions of dollars from the crypto market. A leading crypto exchange FTX seems to get trapped in a scam as FTX accounts are linked to 3Commas API keys. A joint investigation by FTX and trading-bot platform 3Commas revealed that API keys linked to FTX accounts were used to execute unauthorized trades for DMG trading pairs on 3Commas.
A New Crypto Scam In The Market
According to Colin Wu, a new scam is roaming around the crypto space called “Contra Trading.” On 19 October, an FTX user linked the 3commas API found that his account was trading DMG more than 5,000 times, leading to a theft of Bitcoin (BTC), Ethereum (ETH), FTT, etc., worth nearly $1.6 million. The 3Commas team was alerted of the exploit on 20 October when several FTX accounts with their API keys were used to execute unauthorized transactions.
3Commas said in an official blog post that the API keys were not validated from 3Commas as they were obtained through a phishing attack or exploit in the system. 3Commas stated, “The API keys were then stored by the fake website and later used to place the unauthorized trades on the DMG trading pairs on FTX.”
According to the firm, multiple fake websites which pretended to be 3Commas were used to obtain information by tricking FTX users into linking their accounts to a third-party website. 3Commas also mentioned that those websites contain malware that was used to execute a further operation to conduct fraudulent activity.
A Significant Amount Of Loss For FTX Users
3Commas made scrutiny of its security system and blamed users’ FTX accounts as their information was getting into the wrong hands due to a lack of precautions. Elaborating on this, 3Commas stated, “To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas, so there is no possibility that it is a leak of API keys originating from 3Commas.” The team also added, “representatives are in close contact with the victims of this 3rd party attack and are working with them to provide assistance and gather more information.”
A wide range of FTX account holders lost massive amounts due to this scam, as one user claimed to have lost over $1.5 million from API exploit. The claim was also retweeted by security firm Peckshield which currently has over 62K followers. However, the 3Commas team gave some relief as the firm stated, “This matter is being looked at as a top priority right now at 3Commas. We have the highest security with 2FA and OTP on login etc., to ensure that user accounts are always secure. We are in touch with the user to ensure they get all the support needed.”
This incident has been added to a growing list of hacks that took place during this crypto winter. According to reports, hackers wiped nearly $700 million from the crypto market in October.