On Saturday, several cryptocurrency traders suffered massive losses after hackers stole millions of dollars in digital assets from their FTX accounts by exploiting an API tied to their trading accounts.

An FTX user was shocked when he realized that his account using the 3Commas API traded the Governance Token (DMG) over 5,000 times, resulting in a loss of assets worth approximately $1.6 million , including Bitcoin, Ether and FTX tokens.

3Commas is a crypto trading platform that allows users to create automated trading bots on FTX and many other exchanges.

The report confirmed that this was not an isolated incident, as there were three other victims who suffered from the loss. The second victim of the FTX vulnerabilities revealed that she lost $1.5 million in the incident, which occurred on October 21. While she said malicious players had traded DMG through her account on October 18 and 19, she questioned why FTX hadn’t put the risk in place. control measures to guard against illegal business activities.

An investigation by trading bot platform 3Commas and crypto exchange FTX showed that API keys tied to 3Commas were used to perform unauthorized trades for DMG trading pairs on FTX. Both FTX and 3Commas identified that the hackers used new 3Commas accounts to perform the DMG transactions, as “API keys were not taken from 3Commas but from outside the 3Commas platform.”

The investigation showed that scam websites identifying themselves as 3Commas were used to spoof API keys when users linked FTX accounts to scam web interfaces. The fake websites’ API keys were stored and then used to place the unauthorized trades on DMG’s trading pairs on FTX. 3Commas further suspected that hackers used third-party browser extensions and malware to steal users’ API keys.

The duo identified suspicious accounts based on user activity, and as a result, suspended API keys to prevent further loss. FTX users who linked their accounts with 3Commas therefore received a message about their API being “invalid” or “requires update” and are now expected to create new API keys.

3Commas and FTX are currently working with victims to provide assistance and obtain more information about the hacking incident.

Why are crypto hacks emerging?

2022 has been identified as the worst year in terms of crypto hacking, according to research firm Chainalysis. october is Recognized as the worst month in history for crypto-related crime, with more than $718 million in total losses. Funds were stolen from various DeFi protocols during 11 different attacks.

This year is expected to overtake 2021 as the most prolific hacking year on record, with 125 attacks leading to the theft of more than $3 billion in funds so far. $325 million attack on cross-chain service Wormhole, $625 million attack on Axie Infinity’s Ronin bridge, $200 million attack on Nomad bridge, $100 million attack on Binance and many more took place this year.

Poorly protected protocols and unaudited decentralized applications are easy options for hackers who take advantage of their highly vulnerable locks.

Image source: Shutterstock