FTX traders lost millions worth of cryptocurrencies in an API exploit that allegedly involved crypto trading platform 3Commas.
According to information shared on Twitter by crypto journalist Colin Wu, on October 19, a user of the Bahamian exchange noticed that his account was behaving suspiciously, trading DMG tokens over 5,000 times.
Shortly after, the owner discovered his account to have already lost $1.6 million worth of Bitcoin, Ethereum, and FTX token.
At first, the incident appeared to have been an isolated one, but that wasn’t the case as few days later, another trader posted also on Twitter that he lost $1.5 million in the exploit.
Colin Wu said at least four FTX account holders fell victim to the cyber attack that is apparently being blamed on 3Commas.
FTX Offers One-Time Compensation To Affected Account Holders
Sam Bankman-Fried, a crypto billionaire and the CEO of FTX, was quick to announce the decision of his company to give a one-off compensation to affected traders which he described as “phishing by a third-party website.”
The digital currency exchange top honcho said they will allot $6 million to replenish the losses of their users. He, however, said this is a one-time deal as they refuse to make it a habit to compensate clients of phishing exploits perpetrated in non-FTX websites.
13) But in this particular case, we will compensate the affected users.
THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD.
THIS IS NOT A PRECEDENT.
We will not making a habit of compensating for uses getting phished by fake versions of other companies!
— SBF (@SBF_FTX) October 23, 2022
Meanwhile, Bankman-Fried added they are prepared to absolve the hackers if they return 95% of the stolen funds.
He even proposed a “5-5 standard” for the attackers, saying the crypto hackers can either keep 5% of the total amount they have stolen from the project or $5 million, whichever is smaller.
We investigated reports that some user accounts were compromised and investigated with FTX – we found the issue is likely related to Phishing, please read more here: https://t.co/ivdHo0IdEj pic.twitter.com/pmosstfrGi
— 3Commas (@3commas_io) October 21, 2022
3Commas Denies Involvement In Exploit
Crypto trading platform 3Commas adamantly denied being involved in this particular work of and is maintaining being free of any culpability.
The company said multiple affected FTX users have never been 3Commas customers and that the security breach did not originate from their services.
“We investigated reports that some user accounts were compromised and investigated with FTX – we found the issue is likely related to Phishing,” said the company post on Twitter.
Investigation conducted revealed that there were API keys connected to newly created 3Commas accounts that were used for unauthorized trading of DGM tokens.
The platform clarified these keys were not from them and were linked by users to websites that impersonated the trading platform.
Crypto total market cap at $886 billion on the daily chart | Featured image from Spencer Heyfron/Fortune, Chart: TradingView.com