A security alert has been issued by automated crypto trading bot provider 3Commas after identification of certain FTX API keys being used to conduct unauthorized trades on the FTX exchange for DMG cryptocurrency trading pairs.
Holding a Joints Investigation
As a result of reports from users on FTX about unauthorized trades on DMG trading pairs, 3Commas and FTX conducted a joint investigation.
As the duo explained, hackers used new 3Commas accounts to execute DMG trades, and that “The API keys were not taken from 3Commas but from outside of the 3Commas platform.”
The investigation further revealed that fake 3Commas websites were used to phish API keys from users as they linked their FTX accounts which were then used in the unauthorized DMG trades.
3Commas believes the API keys were stolen from users using third-party browser extensions and malware.
“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas,” 3Commas said.
Suspending The API Keys
FTX and 3Commas both detected suspicious accounts by monitoring user activity and suspended their API keys to prevent further losses.
Users who have connected their FTX accounts to 3Commas and receive an error message indicating their API is “invalid” or “requires updating” must create new API keys.
“It is possible your API details were compromised and the API key has been deleted by FTX.”
The 3Commas API key can be created on FTX and linked to the user’s account to ensure no disruption to active trades occurs.
Affected victims are being helped by 3Commas and further information is being gathered about the perpetrators.