Due to an API Exploit, FTX Users Lose Millions

A user of FTX was surprised to see that his profile had exchanged the Governance (DMG) token more than 5,000 times through using 3Commas API, losing roughly $1.6 million in investments including Bitcoin, Ether, and FTX tokens in the process.

Users of the 3Commas cryptocurrency trading software can create automated trading bots for FTX and many other exchanges.

According to the article, there have been three further individuals who also perished, proving that this was not an unusual incidence. The event, which happened on October 21, cost the second victim of the FTX shenanigans $1.5 million, he revealed. He said that on October 18 and 19, malicious players traded DMG using his account, but he queried why FTX still hadn't implemented risk control procedures to prevent such behaviors.

A public inquiry by the trading-bot platform 3Commas and the cryptocurrency exchange FTX revealed that DMG trade pairs on FTX were subject to fraudulent trades using API keys connected to 3Commas. The DMG trades were carried out by hackers using fresh 3Commas identities, according to both FTX and 3Commas.

The research revealed that individuals connected their FTX identities to fraudulent web interfaces, posing as 3Commas, in order to get API credentials. Then, the API keys for the bogus websites were saved and utilized to later place illicit trades on the DMG trading pairs on FTX. Additionally, 3Commas believed that malware and third-party browser add ons were being utilized by hackers to acquire users' API keys.

Based on user activity, the team discovered suspect accounts and suspended the API credentials to stop additional losses. As a result, 3Commas users who linked their FTX accounts with them were informed that their API was “invalid” or “needs upgrading” and that they should generate new API keys.

The victims are currently receiving aid from 3Commas and FTX, who are also trying to learn more about the hacking scandal from them.

Why Crypto Hacking Is On The Rise

In terms of cryptocurrency attacks, 2022 has been named as the most dangerous year so far by the Chainalysis research organization. The total damages from crypto-related crimes in October exceeded $718 million, making it the worst month on record. Throughout 11 distinct attacks, money was taken from various DeFi protocols.

With 125 thefts that have already resulted in more than $3 billion worth of assets being stolen, this year is predicted to surpass 2021 as the year with the most hacking incidents. This year saw a number of high-profile attacks, including a $325 million assault on Wormhole's cross-chain platform, a $625 million assault on Axie Infinity's Ronin bridge, a $200 million assault on the Nomad bridge, a $100 million hack on Binance, and many others.

Hackers can easily access poorly secured protocols and unverified decentralized apps by taking advantage of their extremely weak locks.

As a reminder, WikiBit is ready to help you search the qualifications and reputation of projects in a bid to protect you from hidden dangers in this risky industry!

iOS: t.ly/UUCj

Android: t.ly/cfYt