An FTX user found that his account, which was connected to 3Commas through an exchange API key, had traded the DMM: Governance (DMG) token upwards of 5,000 times, losing approximately $1.6 million in assets. In response, 3Commas, a leading provider of crypto trading bots, issued a security warning.
How It All Unfolded
3Commas, working together with FTX, investigated the unauthorized trades in DMG trading pairs on the FTX exchange. The two companies found that the DMG trades were carried out by attackers using newly created 3Commas accounts, and that “The API keys were not obtained from 3Commas but rather from outside of the 3Commas platform.”
https://twitter.com/littlesand2/status/1583830658203283456
“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys,” reads the official statement (1) issued by 3Commas. “This is an issue that has affected multiple users who have never been customers of 3Commas, so there is no possibility that it is a leak of API keys originating from 3Commas.”
Explaining how the attack took place, 3Commas says that numerous phony websites imitating 3Commas, reproducing its user interface, were used to “phish” the service’s users.
API keys were captured from 3Commas users who, mistaking a bogus site for the real one, entered their exchange API keys there while attempting to connect their exchange accounts.
The phishing sites stored the captured API keys, which were later used to make illicit trades in DMG trading pairs on the FTX platform. When initial reports of illicit trading emerged, 3Commas promptly denied that any leak had occurred on its end.
“At this very moment, it is highly important for 3Commas to investigate this particular situation. To guarantee that user accounts are never at risk of being compromised, we employ the most stringent security measures, such as two-factor authentication and one-time passwords. We are in contact with the user to guarantee that they receive all of the necessary help,” 3Commas had previously stated.
Given the scale and complexity of the attack, 3Commas also believes that third-party malware or malicious browser extensions may have been used.
FTX users can now generate a new API key on FTX and connect it to their 3Commas account, so that active trades are not disrupted. 3Commas is working with affected users to provide help and gather further information about the attackers.
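The pattern described above, a stolen exchange API key suddenly firing thousands of trades in a market its owner never touched, is detectable on the platform side before the losses reach $1.6 million. The following is an added example (not code from 3Commas or FTX) of a simple abuse monitor: it groups trades by API key, flags any key that trades a market absent from that key's historical baseline, and flags any key whose trade count inside a sliding window exceeds a threshold. Keys with either signal are candidates for immediate revocation, after which the owner creates a fresh key as the article describes. The trade log, the baseline markets and the key identifiers are all constructed for the example.

```python
"""Flag exchange API keys whose trade pattern looks like a stolen-key takeover.

Added example, not 3Commas or FTX code. Two signals are checked per key:
  1. trades in a market the key's owner never traded before (e.g. a sudden
     appearance of DMG pairs), and
  2. a burst of trades exceeding a threshold inside a sliding time window.
Either signal is reason to revoke the key and ask the owner to create a new one.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _build_sample():
    """Constructed trade log: (timestamp, api_key_id, market).

    "k-owner1" has a small, normal BTC history; "k-owner2" suddenly fires
    120 DMG trades in six minutes, mimicking the pattern in the article.
    """
    base = datetime(2022, 10, 21, 12, 0, 0)
    trades = []
    for i in range(5):
        trades.append((base + timedelta(minutes=15 * i), "k-owner1", "BTC/USD"))
    for i in range(120):
        trades.append((base + timedelta(seconds=3 * i), "k-owner2", "DMG/USD"))
    return trades


SAMPLE_TRADES = _build_sample()

# Constructed baseline: markets each key has legitimately traded in the past.
BASELINE_MARKETS = {
    "k-owner1": {"BTC/USD", "ETH/USD"},
    "k-owner2": {"BTC/USD"},
}


def find_abused_keys(trades, baseline_markets, burst_threshold=50,
                     window=timedelta(minutes=10)):
    """Return {api_key_id: [reason, ...]} for keys showing takeover signals."""
    by_key = defaultdict(list)
    for ts, key_id, market in sorted(trades):
        by_key[key_id].append((ts, market))

    findings = defaultdict(list)
    for key_id, rows in by_key.items():
        # Signal 1: a market this key has never traded before.
        known = baseline_markets.get(key_id, set())
        new_markets = sorted({m for _, m in rows if m not in known})
        if new_markets:
            findings[key_id].append(
                f"trades in never-before-seen markets: {', '.join(new_markets)}")

        # Signal 2: peak number of trades inside any sliding `window`.
        recent = deque()
        peak = 0
        for ts, _ in rows:
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak > burst_threshold:
            minutes = int(window.total_seconds() // 60)
            findings[key_id].append(
                f"burst of {peak} trades within {minutes} min "
                f"(threshold {burst_threshold})")
    return dict(findings)


def keys_to_revoke(trades, baseline_markets, **kwargs):
    """Sorted list of key ids that should be revoked and reissued."""
    return sorted(find_abused_keys(trades, baseline_markets, **kwargs))


if __name__ == "__main__":
    for key_id, reasons in find_abused_keys(SAMPLE_TRADES, BASELINE_MARKETS).items():
        print(f"revoke {key_id}:")
        for reason in reasons:
            print("  -", reason)
```

On the sample data only `k-owner2` is reported, for both reasons. Thresholds are deliberately conservative here; a real deployment would derive the baseline from the account's own history and tune the burst window per market, but the core idea is the same: a key's behaviour changing abruptly is a stronger signal than any single trade.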