Nov 4, 2022
[Delio] Delio’s Thoughts on the Latest FTX Hacking Technique
On October 20, 3Commas, a cryptocurrency automated trading bot platform, attempted to connect to the FTX exchange through an official channel. DMG claimed that the token was used for illicit trade. The following registration of the API keys on the phishing website, DMG confirmed the illegal trading using the tokens.
In response, 3Commas and its partner exchange (FTX) declared that a combined investigation had discovered suspicious accounts and the disablin0g0 of the compromised AIP key. However, following the announcement, users that did not store or use 3Commas bots reported the hacked accounts.
Based on the content posted on Twitter by the victims, Delio inferred a predictable phishing method to help users secure their funds.
Predictable phishing techniques
1. When sending a transmission permission text (SMS) from the exchange (ex. FTX), using the link at the bottom can be a phishing address (ex. 3Commas) to expose your API key and eventually access your account.
2. aware of the pair creation and leakage via the autonomous bot program (using the API key mentioned above)
Exposing the API key can not only lead to the fund losses of the FTX exchange but also report similar attacks on Binance US and Bittrex exchanges.
We kindly ask Delio customers to pay close attention when using exchanges. Furthermore, we implore securing the file “[config.py]” (http://config.py/), which stores the API keys when developing or managing bots.
Delio provides only safe services under the strict supervision of the country’s financial authorities and the obtaining of the MSB license in the US, VASP, and ISMS in Korea.
Delio Official Links:
Delio Official Website:
Stay Connected:
Delio Medium Page | Delio Facebook | Delio Twitter | Delio Instagram | Delio LinkedIn | Delio Telegram Channel | Delio Telegram Group
Download Delio App and start your safe investment journey today 👇
