FTX to pay $6 million to phishing victims

What’s new? Crypto exchange FTX will pay about $6 million in compensation to the victims of the phishing attack. Earlier, hackers running fake websites of several crypto companies, including the trading platform 3Commas, got user account application programming interface (API) keys, which allowed them to conduct unauthorized trades on exchanges, including FTX. FTX CEO Sam Bankman-Fried stressed that this case will not be a precedent and the company will not be “making a habit of compensating for uses getting phished by fake versions of other companies.” He added that only FTX users will be compensated.

13) But in this particular case, we will compensate the affected users.THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD.THIS IS NOT A PRECEDENT.We will not making a habit of compensating for uses getting phished by fake versions of other companies!— SBF (@SBF_FTX) October 23, 2022

More details about the incident. The attack became known on October 21 after a statement from 3Commas, a crypto platform. Its representatives reported that some users were conducting unauthorized trading activities. As part of the investigation, FTX and 3Commas suspended the suspicious accounts to avoid further losses and disabled all compromised API keys.

Bankman-Fried noted that FTX itself has tools to prevent users’ data from leaking to fake sites, and they work effectively, but in most phishing cases, victims voluntarily, albeit unknowingly, pass data to scammers directly on the fake pages. He stressed that, despite this, “we take our duty to protect customers seriously, even from themselves.” He added that the exchange is working to remove sites that masquerade as FTX but can not combat the fake pages of other projects.

Earlier, Bankman-Fried published an article on his blog in which he detailed his thoughts on the regulation of cryptocurrencies. Among them was a proposal that he called “the 5-5 standard,” under which hackers keep either $5 million or 5% of the amount they stole, whichever is less.

Bankman-Fried decided to apply this standard, urging hackers to return 95% of the stolen funds (about $5,7 million), saying it would release them from responsibility.

On October 21, a hacker stole $300 000 from Olympus DAO by exploiting a vulnerability in the smart contract on the bonds of the platform’s native token but returned the funds hours later. Previously, a member in the $114 million hack of the Mango Markets DeFi platform called his actions a legitimate “highly profitable trading strategy” implemented under the protocol capabilities, but agreed to return $67 million, according to the project’s community offer.

For more details about the reasons behind the growing number of attacks on DeFi projects, see GetBlock Magazine’s article.