Join us
Join us
FTX user defrauded of $1M: 3Commas implicated

FTX user defrauded of $1M: 3Commas implicated

Another scam in the crypto sphere with an unusual situation. It was through a service external to the FTX exchange, via 3Commas, that a user was scammed out of more than a million dollars. The two companies pass the buck in terms of their responsibility.


Mis à jour le 12/05/2022 à 00:12

3commas ftx hack

A scam took place on October 21 on the FTX exchange, the 3rd busiest crypto trading platform in the world. It was via an API from the company 3Commas that the scam took place.

The hacker managed to interfere in the protocol between the two platforms and recover the APIs to initiate thousands of transactions and recover the funds.

3Commas is a platform that allows users to develop trading robots to automate their trades. Then, they can link these robots to trading platforms via APIs.

These robots allow them, for example, to do copytrading by copying the positions of certain traders. Crypto trading robots and copytrading are very popular in the social media trading sphere.

Indeed, it is often presented as an easy and risk-free way to trade on markets without having prior knowledge.

In this API theft story, an account of an FTX user was robbed of more than $1 million. The hacker initiated over 5000 $DMG token swap transactions to steal $1.6 million in Bitcoin, Ethereum, etc.

How the APIs leaked and who is responsible between FTX and 3Commas?

Obviously, since this scam involves two platforms, one wonders who is responsible between the two. Who caused the leak of these APIs which allowed to extract the capital of the user?

Versions have changed between the start of the investigation and now. Following the announcement of this hack, 3Commas immediately reacted and sought to understand what had happened. It seemed at that time that it was on the FTX side that the API was unveiled.

For its part, 3Commas directly stated that its security system prevented this type of hack. Thanks to FA and OTP at the time of connection, user accounts are always secure. Moreover, they ensured that no API had leaked on their end.

Later, it was FTX who said that there were no leaks from their side either. The investigation therefore turns to an attack that would have taken place outside the two platforms concerned.

How was the account hacked ?

In the cryptocurrency community, phishing is unfortunately very widespread and it seems that this is what happened with the API keys of the hacked account.

Websites reproduce the design and methods of 3Commas, these fake showcases sometimes make victims who think to connect to the original platform by indicating their personal data.

The platform then has the necessary access to capture the API keys and steal considerable sums.

It can also be targeted attacks on investor profiles identified upstream by hackers. They identify large wallets through stolen databases and then contact them on social networks.

Another attack in the blockchain universe

The month of October is particularly affected by attacks of all kinds that damage the reputation of cryptocurrencies, blockchains and decentralized finance.

Hackers increasingly determined to find flaws in systems, whether by exploiting flaws in algorithms, smart contracts or “simply” using people’s vulnerability.

This hack between 3Commas and FTX also reminds us to beware of trading robots and “too easy” solutions to make profits through automatic trading.

Read our article about “our opinion on copy trading” to understand the risks of these practices.

⚠️ This article is published for informational purposes and should not be considered as investment advice. Crypto-currency trading involves risk and it is important not to invest more than you can afford to lose.

InvestX is not responsible for the quality of the products or services presented on this page and shall not be held liable, directly or indirectly, for any damage or loss caused as a result of using any goods or services highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.



Web editor for many years and SEO specialist, Thomas became an editor for InvestX when the site was launched. Passionate about the field of crypto and Web3, Thomas has made it his mission to deliver maximum value and introduce readers to the world of blockchains, considered for him as the world of tomorrow.

Risk Warning: Trading financial instruments and/or crypto-currencies involves high risks, including the risk of losing all or part of your investment, and may not be suitable for all investors. Crypto-currency prices are extremely volatile and can be affected by external factors such as financial, regulatory or political events. Trading on margin increases financial risk.


Before deciding to trade in financial instruments or crypto-currencies, you should be fully informed of the risks and fees associated with trading in the financial markets, carefully consider your investment objectives, level of experience, and tolerance for risk, and seek professional advice if necessary.

Some of the partners featured on this site may not be regulated in your country. It is your responsibility to verify the compliance of these services with local regulations before using them.