3Commas, a platform that allows users to build automated trading bots, announced on October 21st that three of the customer’s keys were used to conduct fraudulent transactions on a partner’s exchange account.
An investigation revealed that the affected user had been phished using a fake 3Commas website, indicating that the keys had been stolen outside of 3Commas.
Sam Bankman-Fried, CEO of cryptocurrency exchange FTX, said on October 24th that several other users had also fallen prey to other phishing attacks emulating sites such as 3Commas. He said FTX can’t stop bad guys from creating fake sites for other cryptocurrency services, but that, as a “one-off”, it will compensate users who lost a total of $6 million.
13) However, in this particular case, we will compensate the affected user.
This is a one-time thing and will not be done again.
This is not precedent.
Don’t be fooled by other companies’ counterfeits and compensate for their use!
—SBF (@SBF_FTX) October 23, 2022
Bankman-Fried explained that FTX has a team dedicated to thwarting fake FTX clones and that the exchange has a “huge number of controls” to prevent fake sites from attacking FTX accounts. He added that it was “a lot of work,” but that attempts to prevent phishing attacks were “mostly successful.”
Bankman-Fried pointed out that phishing is “bad” and “something we have to fight as an industry.” This is unlike today, where each company has to independently suppress phishing attempts.
In current phishing attacks, FTX and other exchange users unknowingly provide API keys to use trading services on fake platforms, SBF explained. Techniques may vary depending on the site targeted, but in all cases, victims were exploited by “third-party attackers,” he wrote.
SBF further proposed asking the scammers to return 90% of the loot, or about $5.7 million, in exchange for immunity. He added that other exchanges, such as Binance, whose users were affected by the scam, also hope to compensate victims. He also reiterated the warning that users who were willing to provide information in phishing attacks would not be compensated.