According to a joint report by X-explore and WuBlockchain, the recent API bot attack on FTX and 3Commas had broader implications than originally understood, revealing a “new way of theft” in the crypto space.
Since last week, at least four FTX users have been struck by the scam, in which hackers stole millions of dollars from their accounts through unauthorised trades.
The attackers gained access by leveraging the 3Commas application programming interface (API) keys that the affected FTX users had used.
According to 3Commas, API keys may have been stolen from users via malware and third-party browser extensions. It denied responsibility and stated that the security incident was highly unlikely to have originated with 3Commas’ services.
On Sunday evening, Bankman-Fried tweeted that he is willing to pay up to $6 million to FTX users who have been affected by an exploit.
X-explore and WuBlockchain have discovered a new attack vector fueled by low spot volume on cryptocurrency exchanges.
The X-explore and WuBlockchain report stated:
Our team widened the investigation and found several fake 3Commas websites that were used to “phish” 3Commas users by replicating the design of the 3Commas web interface and capturing API keys from 3Commas users who had accidentally used the fake website to try to connect their exchange accounts.
3Commas is an automated crypto trading bot provider that facilitates the automated buying and selling of crypto on major exchanges such as FTX.
FTX did not stop this in time, so there is some responsibility. This incident revealed a new way of theft, in which attackers complete the transfer of assets between different accounts by controlling transactions. Follow @x_explore_eth to read more.
— Wu Blockchain (@WuBlockchain) October 24, 2022
According to X-explore, the attackers in the FTX and 3Commas API theft also targeted the Binance US and Bittrex exchanges, stealing 1053 ETH and 301 ETH, respectively. At present, the attack on Bittrex is still in progress.
According to the report, when the attack occurs, the transaction volume of the DMG/USD trading pair increases by a thousand times, and the coin price fluctuates by 2-3 times, indicating a significant abnormal transaction event. Because FTX did not stop this in time, they bear some responsibility.
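The abnormal-transaction signal described above (volume up a thousandfold together with a 2-3x price swing on a thinly traded pair) can be checked candle by candle. The following is an added example, not code from the report or from any exchange; the candle data and the `window` and `min_base` parameters are constructed assumptions, while the two thresholds follow the figures quoted from the report.

```python
from statistics import median

# Constructed per-minute candles for a thin spot pair:
# (minute, traded volume in USD, low price, high price). Not real market data.
CANDLES = [
    (0, 120, 0.0100, 0.0102), (1, 80, 0.0100, 0.0101),
    (2, 0, 0.0100, 0.0100),   (3, 150, 0.0100, 0.0102),
    (4, 100, 0.0101, 0.0102), (5, 90, 0.0100, 0.0102),
    (6, 150_000, 0.0100, 0.0105),  # large trade, price barely moves
    (7, 180_000, 0.0100, 0.0290),  # volume spike plus price swing
    (8, 220_000, 0.0110, 0.0310),
    (9, 110, 0.0101, 0.0103),
]

def flag_anomalies(candles, window=5, vol_mult=1000.0, price_ratio=2.0,
                   min_base=1.0):
    """Flag candles whose volume is >= vol_mult times the rolling median
    of recent normal volume AND whose high/low ratio is >= price_ratio."""
    alerts = []
    baseline = []  # volumes of candles that were not flagged
    for minute, vol, low, high in candles:
        if len(baseline) >= window:
            # The median resists single outliers; min_base stops idle
            # minutes (volume 0) from producing an infinite ratio.
            base = max(median(baseline[-window:]), min_base)
            vol_x = vol / base
            swing = high / low if low > 0 else float("inf")
            if vol_x >= vol_mult and swing >= price_ratio:
                alerts.append({"minute": minute,
                               "volume_x": round(vol_x),
                               "swing": round(swing, 2)})
                continue  # keep flagged candles out of the baseline
        baseline.append(vol)
    return alerts

if __name__ == "__main__":
    for alert in flag_anomalies(CANDLES):
        print(alert)
```

Requiring both conditions keeps a single large order (minute 6 in the sample) from raising an alert, and excluding flagged candles from the baseline keeps a sustained event from normalising itself.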
In the report’s summary, the analysis revealed a “new way of theft” in the crypto space. It emphasised three key areas that should be reviewed to reduce the likelihood of a similar exploit in the future: basic security, spot token security, and transaction security.