Caution: New Crypto Scam Hits FTX Account using 3commas API

Paigambar Mohan Raj
Source: Cyble Blog

According to reporter Colin Wu, there is a new scam making the rounds in the crypto space, called “Contra Trading.” Wu said that on October 19th, an FTX user with the 3commas API found that his account was trading DMG more than 5,000 times. The incident led to the theft of Bitcoin (BTC), Ethereum (ETH), FTT, etc., worth nearly $1.6 million.

According to users, crypto exchange FTX’s feedback was that the API KEY of 3commas was leaked. Additionally, the crypto exchange said that similar situations were not isolated events. However, 3commas has said that there was no leak.

The victim filed a police report, but FTX did nothing to stop additional users from being attacked via the trading API. Nor did they make any statements that would result in the freezing of funds.

The most likely cause of the account’s funds disappearing is a 3commas API security flaw. The flaw may have given hackers access to the account and allowed them to engage in questionable trading activity.

Who is responsible for the stolen crypto?

As of this moment, it is not known where the hack originated. FTX claims that the 3commas API key was leaked, while 3commas says that there was no leak on their end. The situation would need a thorough investigation to clear out.

If the fault lies with 3commas, the issue can be quickly addressed by halting the platform’s interaction with FTX accounts.

However, if the hack originated on FTX’s side, the situation could become a lot more serious. This would lead to almost every user on the crypto exchange becoming a potential victim. Furthermore, that being said, a security breach on one of the largest crypto exchanges in the world would not have gone unnoticed. FTX has a strong security team dedicated to hacks and exploits, and such an attempt would have been spotted by them earlier on.