Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange.
3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX. The duo identified that hackers used new 3Commas accounts to perform the DMG trades adding that “The API keys were not taken from 3Commas but from outside of the 3Commas platform.”
A subsequent investigation found fradulent websites posing as 3Commas were being used to phish API keys as users linked their FTX accounts. The FTX API keys were then used to perform the unauthorized DMG trades.
3Commas further suspects that hackers used 3rd-party browser extensions and malware to steal the API keys from users, adding:
“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas.”
Both FTX and 3Commas identified suspicious accounts based on user activity and suspended the API keys to avoid further losses.
FTX users that have connected their accounts with 3Commas and receive a message regarding their API being “invalid” or “requires updating” must create new API keys. In such cases, 3Commas suggested that:
“It is possible your API details were compromised and the API key has been deleted by FTX.”
Users have the option to create a new API key on FTX and link it to their 3Commas account to ensure no disruption to active trades.
3Commas are currently working with the victims to provide assistance and gather more information about the hackers.
Related: Voyager customers could recover 72% of frozen crypto under FTX deal
FTX recently partnered with Visa to roll out debit cards in 40 countries worldwide. The partnership allows FTX users to pay for goods and services using debit cards that boast “zero fees” and no yearly charges.
The market reacted to the development as the FTX token spiked 7%, momentarily reaching a trading price of $25.62.
Source: https://cointelegraph.com/news/3commas-issues-security-alert-as-ftx-deletes-api-keys-following-hack