delio-global
Published in

delio-global

[Delio] Delio’s Thoughts on the Latest FTX Hacking Technique

On October 20, 3Commas, a cryptocurrency automated trading bot platform, attempted to connect to the FTX exchange through an official channel. DMG claimed that the token was used for illicit trade. The following registration of the API keys on the phishing website, DMG confirmed the illegal trading using the tokens.

In response, 3Commas and its partner exchange (FTX) declared that a combined investigation had discovered suspicious accounts and the disablin0g0 of the compromised AIP key. However, following the announcement, users that did not store or use 3Commas bots reported the hacked accounts.

Based on the content posted on Twitter by the victims, Delio inferred a predictable phishing method to help users secure their funds.

Predictable phishing techniques

1. When sending a transmission permission text (SMS) from the exchange (ex. FTX), using the link at the bottom can be a phishing address (ex. 3Commas) to expose your API key and eventually access your account.

2. aware of the pair creation and leakage via the autonomous bot program (using the API key mentioned above)

Exposing the API key can not only lead to the fund losses of the FTX exchange but also report similar attacks on Binance US and Bittrex exchanges.

We kindly ask Delio customers to pay close attention when using exchanges. Furthermore, we implore securing the file “[config.py]” (http://config.py/), which stores the API keys when developing or managing bots.

Delio provides only safe services under the strict supervision of the country’s financial authorities and the obtaining of the MSB license in the US, VASP, and ISMS in Korea.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Delio

Delio Digital Asset Finance Group, established in 2018, is №1 fintech company based in Seoul and acquired digital asset licenses from Korean and US governments.