Scottsdale, Ari. – October 26, 2022 – 3Commas, an automated cryptocurrency trading bot provider, released a blog post which detailed a security alert. A joint investigation with FTX was launched after users recognized unauthorized trades on the FTX exchange. The two companies determined that “certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange,” according to reports.
“Hackers utilized sites posing as the official 3Commas website in order to coordinate phishing attacks. The result? Access to API keys when users linked to their FTX accounts,” said Richard Gardner, CEO of Modulus, a US-based developer of ultra-high-performance trading and surveillance technology that powers global equities, derivatives, and digital asset exchanges.
According to the posting, the company noted, “To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas.”
“What that means is that hackers likely utilized third-party browser extensions, along with malware, to steal API keys. This is an ongoing issue that extends well past the latest event with 3Commas. There have been a litany of hacks and cyberattacks which transpired thanks to third-party actors, including vendors,” said Gardner.
“When hackers look for an entryway, they’ve come to realize that most credible exchanges have spent effort on their security. They’ve locked the front door, so to speak. Third party vendors which have access to an exchange’s technology are often much easier targets. They look for an open window, rather than trying to kick down a steel door,” explained Gardner.
Modulus is known throughout the financial technology segment as a leader in the development of ultra-high frequency trading systems and blockchain technologies. Modulus has provided its exchange solution to some of the industry’s most profitable digital asset exchanges, including a well-known multi-billion-dollar cryptocurrency exchange. Over the past twenty years, the company has built technology for the world’s most notable institutions, with a client list which includes NASA, NASDAQ, Goldman Sachs, Merrill Lynch, JP Morgan Chase, Bank of America, Barclays, Siemens, Shell, Yahoo!, Microsoft, Cornell University, and the University of Chicago.
“This isn’t solely a cryptocurrency phenomenon, either. Remember back to the hack of New York City schools? Personal data for over three quarters of a million people was stolen. The school system blamed a trusted third-party vendor. Then there was the Solar Winds attack. There’s a tremendous amount of risk in these connections, and the industry needs to begin to recognize that and critically respond,” said Gardner.