FTX API keys connected to 3Commas confirmed to have been exploited

Quick Take

  • An investigation by 3Commas and FTX concluded that unauthorized trades were conducted for DMG trading pairs on the crypto exchange.
  • 3Commas said the exploited API keys probably resulted from phishing attacks or hacks, and did not originate from its platform.

An investigation conducted by trading-bot platform 3Commas and cryptocurrency exchange FTX revealed that API keys linked to the former were used to conduct unauthorized trades for DMG trading pairs on the latter.

The 3Commas team was alerted to the incident on Oct. 20, when various FTX API keys connected to the platform were used to perform unauthorized trades.

The API keys were not taken from 3Commas and were probably obtained from a third-party phishing attack or hack, the platform said in an official blog post.

Through its investigation, the 3Commas team discovered that multiple fake websites claiming to be 3Commas were used to phish information by tricking users into connecting their exchange accounts to fraudulent web interfaces. "The API keys were then stored by the fake website and later used to place the unauthorized trades on the DMG trading pairs on FTX," 3Commas said — also noting that third-party browser extensions or malware may have been involved.

The trading-bot platform stressed throughout the security alert that it was not to blame for the cases of user data falling into the wrong hands. "To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys," 3Commas wrote. "This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas."

3Commas said its "representatives are in close contact with the victims of this 3rd party attack and are working with them to provide assistance and gather more information."

One user claimed on Twitter to have lost about $1.5 million from the API exploit — a claim that was retweeted by blockchain security and data analytics company PeckShield to its more than 62,000 followers. The Block reached out to the affected user for comment and verification but had not been able to verify the accuracy of the claim by the time of publication.

Alameda Research, a principal trading firm with close ties to FTX, backed 3Commas in a $3 million funding round in late 2020. Last month, 3Commas raised $37 million in a Series B funding round led by Alameda Research, Jump Capital, Target Global and Copper CEO Dmitry Tokarev.


Disclaimer: The former CEO and majority shareholder of The Block has disclosed a series of loans from former FTX and Alameda founder Sam Bankman-Fried.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Adam is the managing editor for Europe, the Middle East and Africa. He is based in central Europe and was a managing editor and podcast host at the crypto exchange OKX's former research arm, OKX Insights. Before that, he co-founded BeInCrypto.com, which he elevated into one of the leading crypto media brands at its peak as the editor-in-chief. Earlier, he served as the editor-in-chief at Bitcoinist.com. Before joining the blockchain and crypto industry, he worked for Looper.com, Grunge.com and SVG.com. He tweets via @XBT002.