FTX CEO Sam Bankman-Fried says the cryptocurrency exchange will pay $6 million in damages to victims of a phishing scam targeting its users — but never again.
Since last week, at least three FTX users have fallen victim to a scam in which hackers siphoned millions of dollars from their accounts through unauthorized transactions. The attackers gained access using Application Programming Interface (API) keys that the affected FTX users had connected to 3Commas.
3Commas is an automated crypto trading bot provider that lets users automatically buy and sell crypto on major exchanges like FTX. It is considered an efficiency tool, allowing users to place hundreds of trades that would otherwise have to be entered manually.
The attacks came to light when an FTX user reported that his account had traded DMG tokens more than 5,000 times on October 19, draining nearly $1.6 million (value at the time) in Bitcoin, FTX Token, Ether and other cryptocurrencies.
A second user revealed on October 22 that he was also a victim of the FTX attack, claiming that he lost around 104 bitcoins ($2 million at current prices) in the incident. He claims that he never used his 3Commas account to set up the bot.

FTX phishing is probably triggered by malware
DMG, the token the hackers leveraged in their scheme, is the governance token of the defunct decentralized finance project DeFi Money Market (DMM), which ceased operations on February 5 following inquiries from the SEC.
DMG’s price has crashed nearly 60% since the shutdown but recovered to $0.02 by Monday — roughly the same level as when DMM shut down, according to CoinGecko data.
3Commas has confirmed that several partner exchange API keys are being used to conduct unauthorized trades for DMG crypto trading pairs on exchange accounts. It says that even merchants who have never used 3Commas have been victims of phishing attacks.
On further investigation, the team found several fake 3Commas websites used to phish its users. Hackers replicated the website’s interface design to capture API keys from users who mistakenly used the fake website to connect their exchange accounts.
3Commas said it suspects API keys were also stolen from users via malware and third-party browser extensions. It denied responsibility and said it was highly unlikely that the security incident originated with 3Commas' own services. FTX declined to comment, but 3Commas directed Blockworks to its postmortem blog.
Bankman-Fried published a Twitter thread expressing his dismay at the incident. “Not only is FTX not phished, it’s not even an FTX site. And generally we can’t replace users if they’re being phished by fake versions of other companies in the space!”
“It’s not FTX and we basically have no control over it,” Bankman-Fried said.
Bankman-Fried said FTX removed most of the phishing sites it deemed a scam, but could not do the same for sites impersonating other services.
“To be clear, phishing is almost always a user voluntarily (but unknowingly) giving their account credentials to a scammer by going to a bad site or similar – however, we have a responsibility to protect customers fiercely from them as well,” he tweeted.
In this case, Bankman-Fried wanted 3Commas to do enough to reimburse users affected by the phishing campaign, but he cautioned that “it’s a one-time thing and we’re not going to take it forward.”