Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX. The duo identified that hackers used new 3Commas accounts to perform the DMG trades adding that, “The API keys were not taken from 3Commas but from outside of the 3Commas platform.” A subsequent investigation found fraudulent websites posing as 3Commas were being used to phish API keys as users linked their FTX accounts. The FTX API keys were then used to perform the unauthorized DMG trades. 3Commas further suspects that hackers used 3rd-party browser extensions and malware to steal the API keys from users, adding: “To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas.”
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.