FTX users affected by the recent 3Commas-related phishing attack will be compensated up to $6 million, Sam Bankman-Fried said. The exchange’s CEO said on Twitter that this was a “one-time thing” and would not become a precedent.
Bankman-Fried’s thread noted the exchange has a huge number of controls in place to help prevent fake FTX sites — which weren’t the cause of this particular issue — from draining users’ accounts.
The phishing attack used multiple fake websites claiming to be 3Commas, which then phished information by tricking users into connecting their exchange accounts to fraudulent web interfaces. Users’ API keys were then stored by the fake websites and later used to place unauthorized trades on DMG trading pairs on FTX. Third-party browser extensions or malware may also have been involved, 3Commas said in its report.
“In general we can’t compensate for users getting phished by fake versions of other companies in the space,” Bankman-Fried said. “It isn’t FTX and we have basically no control over it.” However, the CEO added that this one time the firm will compensate affected users — though only FTX accounts, he stressed.
Referencing a standard where hackers or scammers keep 5% of the stolen funds, or $5 million, whichever amount is smaller, Bankman-Fried concluded: “Anyway — maybe a time to try out the 5-5 standard on the 3Commas/phishing scammer! If they send back ~$5.7m (~95%) of the scam within 24 hours to 0xD15ff86129c3Da57756b33827DfFF6D252602284, we’ll absolve them.”