Some FTX exchange customers were victims of a phishing operation on October 20. Although FTX is in no way responsible for this scam, the platform is ready to make a nice gesture. FTX will indeed pay out $6 million to compensate these duped customers. But beware, “this is not a precedent”!
FTX and 3Commas victims of a hack
Some users of the FTX trading platform have seen red in recent days. In fact, several people have stated that they have noticed unauthorized transactions from their account. Millions of euros were thus stolen during this cyberattack.
Following these alerts, FTX looked into the matter. It turns out that hackers managed to access user accounts through 3Commas API (Application Programming Interface) keys. 3Commas is a cryptocurrency trading platform that allows its customers to run automated trading bots that work on major exchanges like FTX. API keys correspond to identifiers that link FTX accounts to 3Commas.
At first glance, the security flaw does not appear to come from FTX or 3Commas. In a press release published on October 23, 3Commas claimed, “The theft took place outside of the 3Commas system, via a phishing attack on inauthentic websites made up to look like the 3Commas interface. There were no breaches of 3Commas’ account security and API encryption systems, nor of our partner exchanges’ account security and API encryption systems.”
We therefore understand that this is in fact a case of phishing. The hackers created a fake version of the 3Commas site to scam users and grab their API keys, which they then used on FTX. Thus, users have voluntarily provided their identifiers to those who now turn out to be scammers!
FTX offers exceptional reimbursement of 6 million dollars
Although FTX is not involved in this cyberattack, the platform has decided to help robbed users. Sam Bankman-Fried, founder and CEO of FTX, spoke via a Twitter thread on October 24:
“In general, we cannot compensate users who are phished by fake versions of other companies in the sector! It’s not FTX and we simply have no control over it.
But in this specific case, we will compensate the users concerned.” Sam Bankman-Fried (@SBF_FTX)
Nevertheless, FTX wanted to clarify that this is not a standard policy that the platform can systematically apply.
“THIS IS A ONE-TIME STORY AND WE WILL NOT DO IT IN THE FUTURE.
THIS IS NOT A PRECEDENT.
We won’t make a habit of compensating users who get scammed by fake versions from other companies!” Sam Bankman-Fried (@SBF_FTX)
Exceptionally, FTX is therefore ready to put its hand in its pocket. And the bill is steep! In total, FTX will repay approximately $6 million! FTX may be hoping to recover some of those stolen funds through its infamous “5-5” rule…
A deal with hackers?
What is this “5-5” rule? This is a proposal made by Sam Bankman-Fried. By following this rule, hackers could keep either $5 million or 5% of the amount stolen (whichever is lower).
In his tweet today, the CEO of FTX opens the door to the application of this deal. He therefore invited hackers to keep 5% of the stolen amount and return the remaining 95%, or approximately $5.7 million, within 24 hours. If the hackers accept the deal, Sam Bankman-Fried claims to be ready to “absolve” them.
15) Anyway — maybe a time to try out the 5-5 standard on the 3Commas/phishing scammer!
If they send back ~$5.7m (~95%) of the scam within 24h to 0xD15ff86129c3Da57756b33827DfFF6D252602284, we’ll absolve them.
— SBF (@SBF_FTX) October 23, 2022
Hackers still have a few hours to grab this outstretched hand… Maybe this cyberattack will have a more “respectable” end than usual.
It must be said that this month of October was particularly intense in terms of hacking in the sector. According to Chainalysis, hacker activity hit an all-time high this month, earning it the bitter nickname “hacktober”!