A scam took place on October 21 on the FTX exchange, the third busiest crypto trading platform in the world. It was carried out through an API integration with the company 3Commas.
The hacker managed to obtain the API keys that link the two platforms and used them to initiate thousands of transactions and drain the funds.
3Commas is a platform that allows users to develop trading robots to automate their trades. Then, they can link these robots to trading platforms via APIs.
These robots allow them, for example, to do copytrading by copying the positions of certain traders. Crypto trading robots and copytrading are very popular in the social media trading sphere.
Indeed, it is often presented as an easy and risk-free way to trade on markets without having prior knowledge.
In this API theft story, an account of an FTX user was robbed of more than $1 million. The hacker initiated over 5000 $DMG token swap transactions to steal $1.6 million in Bitcoin, Ethereum, etc.
How did the API keys leak, and who is responsible: FTX or 3Commas?
Obviously, since this scam involves two platforms, one wonders which of the two is responsible. Who caused the leak of the API keys that allowed the user's capital to be drained?
The accounts have changed between the start of the investigation and now. Following the announcement of this hack, 3Commas immediately reacted and sought to understand what had happened. At that time it appeared that the API key had been exposed on the FTX side.
For its part, 3Commas stated outright that its security system prevented this type of hack: thanks to 2FA and OTP at login, user accounts are always secure. Moreover, they insisted that no API key had leaked on their end.
Later, FTX said in turn that there had been no leak on their side either. The investigation therefore turned toward an attack that would have taken place outside the two platforms concerned.
How was the account hacked?
In the cryptocurrency community, phishing is unfortunately very widespread, and it seems that this is what happened with the API keys of the hacked account.
Websites reproduce the design and methods of 3Commas; these fake storefronts sometimes claim victims who believe they are logging in to the original platform when they enter their personal data.
The fake site then has the access needed to capture the API keys and steal considerable sums.
There can also be targeted attacks on investor profiles identified upstream by hackers. They identify large wallets through stolen databases and then contact their owners on social networks.
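The pattern described above (a stolen key that suddenly fires thousands of swaps, from infrastructure the legitimate user never used) is something an exchange can detect on its side. The following is an added illustration, not code from FTX or 3Commas: it runs a per-key sliding-window burst check and a new-IP check over constructed API trade events; the log format, key ids, IPs and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_event(line):
    """Parse one constructed log line: '<iso-ts> <key_id> <ip> <symbol> <side>'."""
    ts, key, ip, symbol, side = line.split()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "key": key, "ip": ip, "symbol": symbol, "side": side}

def detect_key_abuse(lines, window_s=60, max_orders=50):
    """Flag API keys that (a) place more than max_orders orders inside a sliding
    window of window_s seconds, or (b) start trading from an IP never seen for
    that key. Returns (key, reason, detail) tuples, at most one per key and reason."""
    recent = defaultdict(deque)   # key -> order timestamps inside the window
    known_ips = defaultdict(set)  # key -> IPs seen so far for that key
    alerts, fired = [], set()
    for ev in (parse_event(ln) for ln in lines if ln.strip()):
        key = ev["key"]
        if known_ips[key] and ev["ip"] not in known_ips[key] and (key, "new_ip") not in fired:
            alerts.append((key, "new_ip", ev["ip"]))
            fired.add((key, "new_ip"))
        known_ips[key].add(ev["ip"])
        q = recent[key]
        q.append(ev["ts"])
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # drop orders that fell out of the window
        if len(q) > max_orders and (key, "burst") not in fired:
            alerts.append((key, "burst", len(q)))
            fired.add((key, "burst"))
    return alerts

def sample_lines():
    """Constructed events: key_B trades normally; key_A trades normally, then fires
    200 DMG swaps within one minute from an IP it never used before."""
    base = datetime(2022, 10, 21, 10, 0, 0)
    lines = []
    for i in range(5):
        t = base + timedelta(minutes=10 * i)
        lines.append(f"{t.isoformat()}Z key_A 203.0.113.10 BTC/USD buy")
        lines.append(f"{t.isoformat()}Z key_B 192.0.2.5 ETH/USD sell")
    start = base + timedelta(hours=3)
    for i in range(200):
        t = start + timedelta(milliseconds=300 * i)
        lines.append(f"{t.isoformat()}Z key_A 198.51.100.7 DMG/USD {'buy' if i % 2 else 'sell'}")
    return lines

if __name__ == "__main__":
    for alert in detect_key_abuse(sample_lines()):
        print(alert)
```

Either alert alone would justify pausing the key and requiring the account owner to re-confirm it, which limits how far a phished key can be driven before anyone notices.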
Another attack in the blockchain universe
The month of October is particularly affected by attacks of all kinds that damage the reputation of cryptocurrencies, blockchains and decentralized finance.
Hackers are increasingly determined to find flaws in systems, whether by exploiting flaws in algorithms or smart contracts, or "simply" by exploiting people's vulnerability.
This hack between 3Commas and FTX also reminds us to beware of trading robots and “too easy” solutions to make profits through automatic trading.
Read our article about “our opinion on copy trading” to understand the risks of these practices.