KEY POINTS

  • 3Commas confirmed three traders were affected by the issue involving API keys
  • One trader claimed to have lost around $1.6M worth of crypto
  • FTX reportedly told traders the issue was due to leaked API keys

An investigation is ongoing after some cryptocurrency traders claimed that they lost millions of dollars in digital assets via a possible API exploit connected to their FTX trading account.

Blockchain reporter Colin Wu reported that "a user suddenly found that his FTX account using the 3commas API was trading DMG more than 5,000 times, stealing nearly $1.6 million such as BTC, ETH, FTT, etc. from his account."

One of the traders claimed he had reached out to FTX, a cryptocurrency exchange platform, and the CEX confirmed that the API keys (3Commas) were leaked, noting that the trader's situation is not an isolated case.

To back his claim, the trader submitted a police case filing to FTX but the company reportedly did not take any further action and did not offer any response. Interestingly, FTX has not frozen any funds involved in the reported issue.

"Users told WuBlockchain that FTX's feedback was that the API KEY of 3commas was leaked, and that similar situations were not isolated cases. After the user submitted the police case filing notice, FTX did not make any reply or freeze. 3commas said no leaks have occurred," Wu said in another tweet.

The account also confirmed that there are already three victims and that "3Commas responded that users had accidentally used the fake website to connect their FTX accounts. The API keys were then stored by the fake website and later used to place the unauthorized trades on FTX."

Meanwhile, 3Commas, a crypto trading platform that enables users to build automated trading bots that operate on major exchanges, said "There have been no breaches of either 3Commas' account security and API encryption systems, or the account security and API encryption systems of our partner exchanges."

The crypto trading platform added: "There are three 3Commas users who claim to have been affected by this situation. We are in contact with them to provide support and discover exactly how their API keys were stolen.

"No API keys have been leaked from 3Commas or partner exchanges... The API keys used in this attack likely came from phishing attacks utilizing websites that replicated the 3Commas interface and captured users' API keys when they attempted to connect their exchange accounts."

International Business Times has reached out to FTX, asking for its comment on the issue, which involved some of its users. We will update this article as soon as we hear from them.

bitcoin hacker
bitcoin hack https://news.bitcoin.com/european-bitcoin-exchange-hacked-for-1-4-million-claims-it-cannot-afford-to-repay-users/