FTX users lose millions from API exploit



A crypto trader lost over a million dollars when hackers accessed his FTX account by exploiting an API linked to a trading account.

Chinese crypto journalist Colin Wu, first reporting the incident, said that the user first noticed that his account was trading DMG tokens over 5000 times, only to later discover that Bitcoin, FTX tokens, Ethereum and others About $1.6 million in cryptocurrencies has left his account. ,

The reporter further confirmed that it was not an isolated incident, as there were three other victims. On its part, FTX claimed that the hack was caused by the leak of API keys for trading platform 3Commas.

Another FTX User Lost $1.5 Million

Bruce, another FTX user, said in an October 22 Twitter thread that he was the victim of an FTX exploit. He revealed that he had lost $1.5 million in the incident that happened on October 21.

According to Bruce, he “never used 3Commas and never even heard of it. And I had never used an API key in the last 2 years. I never found this secret in any documentation.” was saved.”

He further said that the malicious players had traded the DMG through his account on October 18 and 19. He questioned why the FTX had no risk control measures for illegal trading activities.

Then asked how the exploiter did illegal business from his account even on October 21.

Bruce said FTX was investigating the chain of events.

3Reaction to comma condition

Meanwhile, crypto trading platform 3Commas has denied guilt, saying that “there are many affected users who have never been 3Commas customers and there is no possibility that the security breach originated from 3Commas services.”

Its team initially commented that its security systems had not been breached, and they are investigating the matter.

3Commas’ update on the situation states that its investigation reveals that certain API keys were linked to new 3Commas accounts that had just been created and used for unauthorized DMG token trades.

These API keys are not taken from the 3Commas website. But it appears that some users accidentally joined fake websites impersonating 3Commas. These phishing websites captured users’ APIs and were later used for hacks on FTX.

The update further clarified that the issue affected not only 3Commas users but also users who have never used 3Commas.

Due to the scale and sophistication of the attack we also suspect that third party browser extensions or malware may have been used as well.

FTX and 3Commas have disabled all APIs for accounts with any suspicious activity and asked users to create new ones.

be for[In]Latest Bitcoin (BTC) Analysis of Crypto, Click Here

Disclaimer

All information contained on our website is published in good faith and for general information purposes only. Any action taken by readers on information found on our website is strictly at their own risk.





Source link

Leave a Comment