FTX has agreed to provide $6M for recent phishing attack victims

FTX, the leading crypto trading exchange platform, has agreed to claim damages for this weekend's phishing attack with up to $6 million

FTX, the leading crypto trading exchange platform, has agreed to claim damages for this weekend’s phishing attack with up to $6 million. The trading-bot platform 3Commas, which communicates to FTX through an API, was the target of the phishing scheme.

According to reports, scammers pocketed millions of dollars by making trades on victims’ accounts after cloning the 3Comma website.

The CEO of FTX Sam Bankman-Fried, tweeted stating that he is prepared to pay up to $6 million in monetary compensation to FTX users who had been harmed by an exploit in which hackers misused the 3Commas API to make trades on the exchange.

“We’ve mostly stamped out sites that try to phish users by masquerading as FTX. But we can’t fix fake sites impersonating other services. A few users accidentally registered at fake other sites, including 3Commas.” 30-year-old billionaire clarified and further added:

“In this particular case, we will compensate the affected users. This is a one-time thing and we will not do this going forward.”

FTX users face phishing attack

Notably, during the recent weekend, FTX accounts linked with 3Commas suffered losses following API exploit. A particular user reported a loss of $1.6M in crypto through 3Commas API, as TheCoinRise reported.

Last Friday, the incident was reported for the first time by blockchain writer Colin Wu. Wu said that one FTX user had discovered trades being made on their account without permission. The reporter found three users who the same hack had attacked within the first day. Users that reported the hack to Wu also reported it to FTX and were informed that the 3Commas API breach was the reason behind the attack. According to on-chain data, a total of $6 million was taken.

On Sunday night, 3Commas announced that only three users had reported being impacted. According to a security update released by 3Commas, illegal code execution was carried out using API keys connected to recently formed 3Commas accounts.