{"id":68986,"date":"2022-10-24T10:21:32","date_gmt":"2022-10-24T07:21:32","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=68986"},"modified":"2025-09-07T17:19:22","modified_gmt":"2025-09-07T14:19:22","slug":"ftx-chief-assesses-damage-from-api-key-compromise-and-reaches-out-to-hackers","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/ftx-chief-assesses-damage-from-api-key-compromise-and-reaches-out-to-hackers\/","title":{"rendered":"FTX chief assesses damage from API key compromise and reaches out to hackers"},"content":{"rendered":"<p>As a result of a phishing attack on 3Commas, an algorithmic trading platform for cryptocurrencies, and <a href=\"https:\/\/u1f987.com\/en\/news\/3commas-and-ftx-report-compromise-of-several-users-api-keys\">the compromise of a number of API keys<\/a>, FTX users&#8217; losses exceeded $6 million. This was reported by the exchange&#8217;s CEO, Sam Bankman-Fried.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">15) Anyway \u2014 maybe a time to try out the 5-5 standard on the 3Commas\/phishing scammer!<\/p>\n<p>If they send back ~$5.7m (~95%) of the scam within 24h to 0xD15ff86129c3Da57756b33827DfFF6D252602284, we\u2019ll absolve them.<\/p>\n<p>\u2014 SBF (@SBF_FTX) <a href=\"https:\/\/twitter.com\/SBF_FTX\/status\/1584304078976614400?ref_src=twsrc%5Etfw\">October 23, 2022<\/a><\/p><\/blockquote>\n<p>He offered the perpetrators a way to avoid prosecution: return 95% of the stolen funds, or about $5.7 million, within 24 hours.
This would be a test of <a href=\"https:\/\/u1f987.com\/en\/news\/sam-bankman-fried-outlines-his-vision-for-regulating-the-cryptocurrency-industry\">the standard he proposed<\/a>, Bankman-Fried added.<\/p>\n<p>He noted that in most cases phishing attacks are conducted either via emails containing malicious attachments or through fake copies of the platforms&#8217; sites. On these sites, the user voluntarily, albeit unknowingly, hands over their credentials.<\/p>\n<p>According to Bankman-Fried, FTX has a team that fights counterfeit sites of the exchange.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abWe have a large number of controls in place to try to prevent potential leakage of user accounts through fake FTX sites. And, overall, they are effective: it is a lot of work, but it is mostly successful\u00bb, said the head of the exchange.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">5) We have a huge number of controls in place to attempt to prevent fake FTX sites from being able to drain users\u2019 accounts.<\/p>\n<p>And generally they work: it was a lot of work but it\u2019s mostly successful.<\/p>\n<p>\u2014 SBF (@SBF_FTX) <a href=\"https:\/\/twitter.com\/SBF_FTX\/status\/1584304040422572032?ref_src=twsrc%5Etfw\">October 23, 2022<\/a><\/p><\/blockquote>\n<p>In the latest attack, users provided data to several fake sites, including fake versions of 3Commas, but not of FTX. The team is not able to combat counterfeit sites of other platforms, Bankman-Fried stressed.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abThis is largely unacceptable, and something the industry should fight. 
Right now each company has to separately deal with phishing, and it sucks. FTX has, but others need to as well\u00bb, said Bankman-Fried.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">11) Mostly this sucks, and is something we should be fighting as an industry.<\/p>\n<p>Right now each company has to separately deal with phishing and it sucks.<\/p>\n<p>FTX has, but others need to as well.<\/p>\n<p>\u2014 SBF (@SBF_FTX) <a href=\"https:\/\/twitter.com\/SBF_FTX\/status\/1584304063684177924?ref_src=twsrc%5Etfw\">October 23, 2022<\/a><\/p><\/blockquote>\n<p>Although this was not a phishing attempt against FTX and did not even involve a fake FTX site, the exchange will compensate users for their losses. This applies only to this particular case, the CEO of FTX clarified.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abThis is a one-off thing, and we will not do this going forward. This is not a precedent! 
We will not cultivate a habit of compensating for users who fall prey to counterfeit versions of other companies\u00bb, warned Bankman-Fried.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">13) But in this particular case, we will compensate the affected users.<\/p>\n<p>THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD.<\/p>\n<p>THIS IS NOT A PRECEDENT.<\/p>\n<p>We will not be making a habit of compensating for users getting phished by fake versions of other companies!<\/p>\n<p>\u2014 SBF (@SBF_FTX) <a href=\"https:\/\/twitter.com\/SBF_FTX\/status\/1584304071498170368?ref_src=twsrc%5Etfw\">October 23, 2022<\/a><\/p><\/blockquote>\n<p>Earlier in October, the head of FTX announced <a href=\"https:\/\/u1f987.com\/en\/news\/sam-bankman-fried-unveils-a-new-version-of-ftx\">the launch of a new version of the exchange<\/a>. It is expected to take place on November 21.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As a result of a phishing attack on the algorithmic-trading platform for cryptocurrencies 3Commas and the compromise of a number of API keys, FTX users&#8217; losses exceeded $6 million. 
This was reported by the exchange&#8217;s CEO, Sam Bankman-Fried.<\/p>\n","protected":false},"author":1,"featured_media":68987,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1236,1403],"class_list":["post-68986","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-ftx","tag-sam-bankman-fried"],"aioseo_notices":[],"amp_enabled":true,"views":"16","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/68986","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=68986"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/68986\/revisions"}],"predecessor-version":[{"id":68988,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/68986\/revisions\/68988"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/68987"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=68986"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=68986"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=68986"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}