A crypto trader lost over a million dollars after hackers accessed his FTX account by exploiting an API connected to the trading account.

Chinese crypto journalist Colin Wu first reported the incident saying, the user first noticed that his account was trading DMG tokens more than 5000 times, only to discover later that nearly $1.6 million in Bitcoin, FTX token, Ethereum, and other cryptocurrencies have left their account.

A new method of stealing coins is emerging: contra trade. On October 19th, a user suddenly found that his FTX account using the 3commas API was trading DMG more than 5,000 times, stealing nearly $1.6 million such as BTC, ETH, FTT, etc. from his account. pic.twitter.com/cpxoCSdLiZ

The reporter further confirmed that this was not an isolated incident, as there have been three other victims. On its part, FTX claimed that the hack was due to leaks of the API keys for the trading platform 3Commas.

WuBlockchain learned that there have been four incidents of coin theft by stealing API KEYs and contra trading in FTX. Three of the cases were related to 3Commas, which 3Commas said was because users landed on fake websites. https://t.co/aigUYBg8bQ pic.twitter.com/oa41jofzOW

Another FTX user Bruce in an October 22 Twitter thread stated that he was a victim of the FTX exploit. He revealed that he lost $1.5 million to the incident which happened on October 21.

Hello Ftx, My name is Bruce and I am one of the victims of the 3Commas API exploit on FTX.I lost about 1.5 million USD in the attack(counting the market value of BTC).It happened on 21th in Beijing time. pic.twitter.com/sttAJnoRAU

According to Bruce, he has never “used 3Commas and even never heard about it. And I had never used the API key in the past 2 years. I had never saved the secret to any document.”

He further stated that malicious players had traded DMG via his account on October 18th and 19th. He questioned why FTX had no risk control measures in place for illegal trading activities.

Then asked how the exploiter still traded illegally on his account on October 21.

Bruce added that FTX was investigating the series of incidence.

Meanwhile, crypto trading platform 3Commas has denied culpability, saying “there are multiple affected users who have never been 3Commas customers and there is no possibility the security breach originated with 3Commas’ services.”

We investigated reports that some user accounts were compromised and investigated with FTX – we found the issue is likely related to Phishing, please read more here: https://t.co/ivdHo0IdEj pic.twitter.com/pmosstfrGi

Its team initially commented that its security systems had not been breached, and they are investigating the matter.

3Commas’ update on the situation stated that its investigation shows that some API keys were linked to new 3Commas accounts that were just created and used for the unauthorized DMG token trades.

These API keys are not taken from the 3Commas website. But it appears that some users accidentally connected to fake websites impersonating 3Commas. These phishing websites captured the users’ API and were later used for the hack on FTX. 

The update further clarified that the issue affected not only 3Commas users but those users that have never used 3Commas. 

Due to the scale and sophistication of the attack we also suspect that 3rd party browser extensions or malware may also have been used.

FTX and 3Commas have disabled all APIs for accounts with any suspicious activity and have asked users to create new ones.

For Be[In]Crypto’s latest Bitcoin (BTC) analysis, click here

The post FTX Users Lose Millions to API Exploit appeared first on BeInCrypto.

Similar to Notcoin - TapSwap on Solana Airdrops In 2024

origin »

174 +