FTX reimburses sacrifices from 3MMAS phishing attacks 6 million USD

Veröffentlicht:

Von: Krypto News Österreich

sam bankman-fried Ftx
  • at least three FTX users found that due to a phishing attack, millions of their accounts were missing
  • The API provider 3Commas discovered that several fake websites were used to phishing its users

Sam Bankman-Fried, CEO of FTX, said the cryptocurrency exchange would spend $ 6 million to compensate for the victims of a phishing fraud that is aimed at its users-but never again.

Since last week, at least three FTX users have been affected by the fraud that made hackers possible to skim millions of dollars from their accounts with non-authorized trades. The attackers gained access by using the keys of the 3Commas Application Programming Interface (API) used by the affected FTX users.

3Commas is an automated crypto trading bot provider that enables the automated purchase and sale of crypto on large stock exchanges such as FTX. It is seen as an efficiency tool that enables users to simply place hundreds of trades, which is manually demanding.

The attacks were revealed by an FTX user Supposedly noted on October 19 with more than 5,000 times DMG-token had acted, which led to an extraction of almost $ 1.6 million in Bitcoin, FTX token, ether and other cryptocurrencies (at that time).

A second user October 22nd that he became the victim of the FTX attack as a result of about 104 bitcoin ($ 2 million, current prices) lost. He also claimed that he had never used his 3Commas account to set up a bot.

ftx-phishing may be triggered by malware

DMG, the token used by the hackers in their scheme is the governance token of the no longer existing decentralized financial project Defi Money Market (DMM), the Operation set on February 5 according to inquire I es from the SEK.

The price of DMG has been broken down by almost 60 % since the closure, but recovered to $ 0.02 by Monday - according to the information about the same level as in the closure of DMM Coingecko Data.

3kommas confirmed that a number of partner exchange-pi keys were used to use unauthorized businesses to carry out on stock market accounts. Traders that 3Commas would never have used were also affected by the phishing attack, it said.

In further studies, the team found several fake 3Commas websites used to phishing their users. Hackers had replicated the design of the user interface of the website to capture API keys from users who incorrectly used the fake website to connect their Exchange accounts.

3Commas said it was also assumed that API keys were stolen by users about malware and browser extensions by third-party providers. It rejected responsibility and said it was highly unlikely that the security incident was based on the services of 3Commas. Blockworks asked FTX and 3Commas for a comment.

Bankman-Fried put a Twitter-thread express the incident. "This was not just a phishing of FTX, it wasn't even an FTX site. And in general we cannot compensate for users of fake versions of other companies in this area!"

"It's not FTX and we basically have no control over it," said Bankman-Fried.

Bankman-Fried added that FTX phishing sites, which spend itself as the stock exchange itself, has largely eliminated, but cannot do the same for sites that spends itself as other services.

"To say it clearly, Phishing is almost always a case in which the user voluntarily (but unknowingly) passes on his account details to a fraudster by calling up a bad website or the like - but we still take our duty to protect customers seriously. Even from himself," he tweeted.

In this case, Bankman-Fried tried to compensate the users affected by the 3Commas-Phishing campaign, but he warned in all major letters that "this is a unique thing and that we will no longer do so in the future".

. .

The contribution FTX to Reimburse $ 6m to 3Commas Phishing Attack Victims is not a financial advice.