The platform for algorithmic cryptocurrency trading 3Commas and the exchange FTX warned of the compromise of a number of API keys, which were subsequently used to execute unauthorized trades of the DMG Governance (DMG) token.
We investigated reports that some user accounts were compromised and investigated with FTX — we found the issue is likely related to Phishing, please read more here: https://t.co/ivdHo0IdEj pic.twitter.com/pmosstfrGi
— 3Commas (@3commas_io) October 21, 2022
“On October 20, the 3Commas team was alerted to an incident in which several API keys linked to 3Commas were used to execute unauthorized DMG trades on FTX accounts,” the statement said.
3Commas noted that the issue was not related to a breach of the platform’s databases or accounts, as among the victims are traders who had never used the company’s services.
“It was found that a number of API keys were linked to new 3Commas accounts that were created and first used to execute unauthorized trades […]. The API keys were not extracted from 3Commas, but outside the platform,” the company explained.
Among the likely causes, experts cited “phishing or a third-party hacking attack.” During the investigation, they discovered several fraudulent sites that copied the 3Commas interface and were created with the aim of “capturing API keys”.
Users were warned that attackers could also distribute third-party browser extensions and other malware to steal confidential data.
FTX and 3Commas specialists flagged accounts with possible suspicious activity and disabled the API keys that could have been compromised.
A user going by the name desertpower told Twitter that, due to the incident, he allegedly lost around $1.5 million.
👀👀 @FTX_Official @SBF_FTX https://t.co/q4W9IECWwi
— PeckShield Inc. (@peckshield) October 22, 2022
According to journalist Colin Wu, at least four users were affected. All unauthorized trades took place between October 18 and 21.
A summry of 4 victims. All contra trades happened between October 18th to October 21st on FTX compromised account of victims in low liquidity pairs: DMG/USD MER/USD PORT/USD. FTX and 3commas has been alerted of this incident, but they didn’t prevent the ongoing hack to happen. https://t.co/Z5DnRSS9eo pic.twitter.com/TSFk55RtrX
— Wu Blockchain (@WuBlockchain) October 23, 2022
According to Chainalysis, October 2022 set a new record for the amount of cryptocurrency stolen by hackers.
Read ForkLog’s bitcoin news on our Telegram — cryptocurrency news, prices and analytics.