3Commas-Related FTX API Keys Have Been Proven To Have Been Exploited
According to an investigation by the trading-bot platform 3Commas and the cryptocurrency exchange FTX, trades for DMG trading pairs on the latter were made without authorization using API keys associated to the former.
FTX API keys connected to the platform were used to perform unauthorized trades
On October 20, certain FTX API keys connected to the platform were exploited to execute unlawful trades, alerting the 3Commas team to the incident.
According to the platform’s official blog post, the API keys were not taken from 3Commas and were likely obtained through a third-party hack or phishing attack.
Through an investigation, the 3Commas team discovered multiple fake websites claiming to be 3Commas were used to phish information by tricking users into connecting their exchange accounts to fraudulent web interfaces. “The API keys were then stored by the fake website and later used to place the unauthorized trades on the DMG trading pairs on FTX,” 3Commas said — also noting that third-party browser extensions or malware may have been involved.
The trading-bot platform stressed throughout the security alert that it was not to blame for the cases of user data falling into the wrong hands.
“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys,” 3Commas wrote.
“This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas.”
3Commas said its:
“representatives are in close contact with the victims of this 3rd party attack and are working with them to provide assistance and gather more information.”
PeckShield, a blockchain security and data analytics startup, retweeted the claim that one user had lost around $1.5 million as a result of the API attack to its more than 62,000 followers.
A $3 million fundraising round led by Alameda Research, a primary trading company with connections to FTX, backed 3Commas in late 2020. Last month, Alameda Research, Jump Capital, Target Global, and Copper CEO Dmitry Tokarev led a $37 million Series B fundraising round for 3Commas.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu