3COMMAS ISSUES SECURITY ALERT AS FTX DELETES API KEYS FOLLOWING HACK

Last updated: October 25, 2025, 23:27 | Written by: Jarek Molsen

3Commas Issues Security Alert As Ftx Deletes Api Keys Following Hack
3Commas Issues Security Alert As Ftx Deletes Api Keys Following Hack

The world of cryptocurrency trading can be exhilarating, offering unprecedented opportunities for profit.However, it also comes with inherent risks, particularly surrounding security.Recently, leading automated crypto trading bot provider 3Commas issued a security alert that sent ripples through the crypto community. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX. The duo identified that hackers used new 3Commas accounts to perform the DMG trades adding that, The API keys were not taken from 3Commas but from outside of the 3Commas platform. A subsequentThis alert was triggered after the identification of unauthorized trades, specifically involving DMG cryptocurrency trading pairs, being executed on the FTX exchange using compromised API keys. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX.This incident prompted a swift response from both 3Commas and FTX, leading to a joint investigation and the subsequent deletion of potentially compromised API keys by FTX.

The situation highlights the critical importance of safeguarding API keys and understanding the potential vulnerabilities that can be exploited by malicious actors. Web3 to inject $1.1T in India s GDP by 2025, following 37x growth since 2025This isn't just about protecting individual investments; it's about maintaining the integrity and trust within the entire crypto ecosystem.In this article, we will delve into the details of the security alert, the joint investigation, the actions taken by 3Commas and FTX, and, most importantly, what users can do to protect themselves and their assets in this ever-evolving landscape.

Understanding the 3Commas Security Alert and FTX's Response

The initial alert from 3Commas stemmed from reports of unauthorized trading activity observed on the FTX exchange. FTTUSD FTX Token 3Commas issues security alert as FTX deletes API keys following hack. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades onThese trades centered around DMG trading pairs, raising immediate concerns about compromised accounts and potential security breaches.Recognizing the severity of the situation, 3Commas swiftly launched an investigation to determine the source of the issue.

Simultaneously, FTX, a major player in the cryptocurrency exchange arena, began its own investigation, collaborating closely with 3Commas to identify and mitigate the threat. 3Commas and FTX collaborated on an investigation into complaints of improper transactions on the DMG trading pairs on FTX.Source:The collaborative effort quickly revealed a pattern of unauthorized access, leading to the conclusion that certain API keys associated with 3Commas users had been compromised. [ad_1]Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange.3Commas and FTX conducted a joint iIn a proactive move to protect its users, FTX decided to invalidate and delete all API keys suspected of being compromised. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas. Full story : 3Commas issues security alert as FTX deletes API keys following hack.This decisive action, while disruptive for some users, was deemed necessary to prevent further unauthorized activity.

What Are API Keys and Why Are They Important?

Before we proceed, it's crucial to understand what API keys are and why they are essential in the context of cryptocurrency trading.An API key (Application Programming Interface key) is a unique identifier used to authenticate a user or application when making requests to an API. 3Commas further suspects that hackers used 3rd-party browser extensions and malware to steal the API keys from users, adding: To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is noIn the cryptocurrency world, API keys are used to connect trading bots like 3Commas to exchanges like FTX, allowing the bots to automatically execute trades on behalf of the user.

Think of an API key as a digital passport that grants access to specific features and data on an exchange. Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange.Without a valid API key, a trading bot cannot connect to the exchange and cannot perform automated trading activities.Therefore, the security of API keys is paramount, as they represent a direct gateway to a user's trading account.

The Joint Investigation by 3Commas and FTX

diagram for ftx
diagram for ftx

The combined investigative efforts of 3Commas and FTX proved instrumental in uncovering the details of the security incident.The investigation revealed that the unauthorized DMG trades were being executed through new 3Commas accounts, suggesting that the compromised API keys were being used by malicious actors to control these accounts and manipulate the market.This was not a simple case of internal system compromise on either end.

A key finding of the investigation was that the API keys were not directly stolen from 3Commas' internal systems.Instead, the evidence pointed towards external sources, potentially involving malware or malicious browser extensions, which were used to harvest the API keys from unsuspecting users.This discovery highlighted the importance of user-side security practices and the need for increased awareness about potential phishing and malware threats.

“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys,” stated 3Commas, emphasizing the external nature of the breach.

What Happened to the Compromised API Keys?

tutorial for keys?
tutorial for keys?

As mentioned previously, FTX took the crucial step of deleting all API keys suspected of being compromised. FTX users that have connected their accounts with 3Commas and receive a message regarding their API being invalid or requires updating must create new API keys. interface language English Fran aisThis action, while disruptive to users, effectively severed the connection between the malicious actors and the affected accounts. See full list on 3commas.ioBy invalidating these keys, FTX prevented further unauthorized trades and mitigated the potential for continued damage. In cooperation with FTX, it was decided that for the sake of user security, FTX should disable all compromised API keys on their side, and 3Commas should temporarily disable adding FTX keys to the platform. Also, the 3Commas engineering team has taken additional measures to prevent such attacks from happening in the future.If your 3Commas bot suddenly stopped working, this is likely why.

Following FTX's action, 3Commas temporarily disabled the ability to add new FTX API keys to its platform.This temporary measure was implemented to prevent further exploitation and to allow the 3Commas team to implement additional security measures. FTX users that have connected their accounts with 3Commas and receive a message regarding their API being invalid or requires updating must create new API keys. In such casesSubsequently, the ability to add new FTX API keys was restored, accompanied by enhanced security protocols.

What You Need to Do If You Use 3Commas with FTX

If you are a 3Commas user who has connected your account to FTX via API keys, here’s what you need to do:

  1. Check for Invalid API Messages: If you receive a message indicating that your API key is invalid or requires updating, it's a strong indication that your key was among those deleted by FTX.
  2. Create New API Keys: In this case, you must generate new API keys on FTX.
  3. Securely Store Your New Keys: Once you have generated new API keys, store them securely. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX. issues security alert asAvoid saving them in plain text or sharing them with unauthorized parties.
  4. Update Your 3Commas Account: Replace the old API keys in your 3Commas account with the newly generated keys.
  5. Monitor Your Account Activity: Keep a close eye on your trading activity and account balances to identify any suspicious transactions.

Step-by-Step Guide to Creating New API Keys on FTX

Here's a detailed guide on how to generate new API keys on FTX:

  1. Log in to Your FTX Account: Go to the FTX website and log in to your account using your username and password.
  2. Navigate to API Settings: Click on your profile icon and select ""API"" from the dropdown menu.
  3. Create New API Key: Click on the ""Create API Key"" button. The FTX API keys were then used to perform the unauthorized DMG trades. 3Commas further suspects that hackers used 3rd-party browser extensions and malware to steal the API keys from users, adding: To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys.You may be prompted to enable 2FA if you haven't already. Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform 3Commas issues security alert as FTX deletes API keys following hack - Mount Rushmore CryptoIt's highly recommended that you do!
  4. Configure Permissions: You'll need to configure the permissions for your new API key.For 3Commas, you'll typically need permissions to ""Read"" and ""Trade"".Ensure you only grant the necessary permissions to minimize potential risks.
  5. Copy and Store Your API Key and Secret: Once you've configured the permissions, click ""Create"".You'll be presented with your API key and secret. It's crucial to copy and securely store both of these values. The secret key will only be shown once, so be sure to store it in a safe place.
  6. Add the Keys to 3Commas: Go to your 3Commas account and navigate to the ""My Exchanges"" section. Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX.Add a new exchange and select FTX.Enter your API key and secret.
  7. Test the Connection: After adding the keys, test the connection to ensure that 3Commas can successfully connect to your FTX account.

Protecting Yourself: Best Practices for API Key Security

The 3Commas and FTX incident serves as a stark reminder of the importance of API key security. Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange.3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX.Here are some best practices to help you protect your API keys and your cryptocurrency assets:

  • Enable Two-Factor Authentication (2FA): This adds an extra layer of security to your accounts, making it more difficult for unauthorized users to gain access.
  • Use Strong, Unique Passwords: Avoid using easily guessable passwords or reusing passwords across multiple platforms.
  • Be Wary of Phishing Attacks: Phishing attacks are designed to trick you into revealing your sensitive information, such as API keys and passwords. Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange.3Commas and FTX conducted a joint investiBe cautious of suspicious emails, links, and websites.
  • Download Software from Trusted Sources: Avoid downloading software or browser extensions from untrusted sources, as they may contain malware that can steal your API keys.
  • Regularly Review and Revoke Unused API Keys: Periodically review your API keys and revoke any that are no longer in use.
  • Use IP Whitelisting: Many exchanges allow you to restrict the usage of your API keys to specific IP addresses.This can help prevent unauthorized access if your keys are compromised.
  • Consider Using a Hardware Wallet: For long-term storage of your cryptocurrency assets, consider using a hardware wallet, which provides an extra layer of security by storing your private keys offline.
  • Regularly Monitor Your Account Activity: Keep a close eye on your trading activity and account balances to identify any suspicious transactions.

The Danger of Malicious Browser Extensions

3Commas suspects that malicious browser extensions played a role in the compromise of API keys.Browser extensions are small software programs that add functionality to your web browser.While many extensions are legitimate and useful, some may contain malware that can steal your personal information, including API keys.

To protect yourself from malicious browser extensions, follow these tips:

  • Only Install Extensions from Trusted Sources: Download extensions only from official app stores, such as the Chrome Web Store or the Firefox Add-ons.
  • Read Reviews and Ratings: Before installing an extension, read reviews and ratings from other users. Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency tradingPay attention to any negative feedback or reports of suspicious behavior.
  • Check Permissions: Before installing an extension, review the permissions it requests. Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform 3Commas issues security alert as FTX deletes API keys following hack - Index Investing NewsBe wary of extensions that request excessive or unnecessary permissions.
  • Regularly Review Your Extensions: Periodically review your installed extensions and remove any that you no longer need or that seem suspicious.
  • Keep Your Browser Up to Date: Ensure that your web browser is always up to date with the latest security patches.

How This Incident Affects the Crypto Community

The 3Commas security alert and FTX's subsequent deletion of API keys have had a ripple effect across the cryptocurrency community. 3Commas issues security alert as FTX deletes API keys following hack⁣ securityalert apikeys ftx issues followingThis incident serves as a wake-up call, highlighting the importance of security and user awareness in the crypto space. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading 3Commas issues security alert as FTX deletes API keys following hack - XBT.MarketIt reinforces the need for both exchanges and trading platforms to prioritize security measures and to educate users about best practices for protecting their assets.

Furthermore, the incident underscores the inherent risks associated with automated trading and the use of API keys.While automated trading can offer significant advantages, it also introduces new security vulnerabilities that users need to be aware of. Altszn.com provides the latest news, resources and insights on Bitcoin, Ethereum, Solana, DeFi, Web3, NFTs and other cryptocurrency markets.This doesn't mean automated trading is inherently bad; rather, it means that individuals need to approach it with a healthy dose of caution and adopt robust security practices.

The incident also promotes a greater emphasis on collaborative security efforts between exchanges, trading platforms, and users. FTX users that have connected their accounts with 3Commas and receive a message regarding their API being invalid or requires updating must create new APIOpen communication, transparency, and information sharing are essential for identifying and mitigating security threats effectively.

The Future of Security in Crypto Trading

gains trading technique
gains trading technique

The 3Commas and FTX incident serves as a catalyst for improved security measures in the cryptocurrency industry.Moving forward, we can expect to see a greater emphasis on:

  • Enhanced API Security: Exchanges and trading platforms will likely implement more robust API security measures, such as multi-factor authentication, IP whitelisting, and rate limiting.
  • Improved User Education: There will be a greater focus on educating users about API key security, phishing attacks, malware threats, and other security best practices.
  • Collaborative Security Efforts: Exchanges, trading platforms, and security researchers will collaborate more closely to identify and mitigate security threats.
  • Advanced Threat Detection: Exchanges and trading platforms will invest in advanced threat detection systems to identify and respond to suspicious activity in real-time.
  • Decentralized Security Solutions: The industry may explore decentralized security solutions that leverage blockchain technology to enhance security and transparency.

Example Scenario: Compromised API Key Leading to Unauthorized Trades

Let's illustrate the potential consequences of a compromised API key with a hypothetical scenario:

Imagine Sarah is a crypto enthusiast who uses 3Commas to automate her trades on FTX.She created API keys with both ""Read"" and ""Trade"" permissions, enabling her bots to execute buy and sell orders.Unfortunately, Sarah unknowingly downloads a malicious browser extension that harvests her API keys.A hacker gains access to Sarah's API keys and uses them to drain her FTX account by making unauthorized purchases of low-value, illiquid tokens and then immediately selling her legitimate assets for minimal value.

Because she wasn’t actively monitoring her bots and trades, Sarah doesn’t notice for several hours.By the time she discovers the unauthorized activity, her account balance has been significantly depleted.

This scenario highlights the importance of taking API key security seriously and implementing robust security measures to protect your assets.

Frequently Asked Questions (FAQs)

Here are some frequently asked questions about the 3Commas security alert and FTX's deletion of API keys:

Q: Was 3Commas hacked?
A: No, 3Commas' internal systems were not directly breached.The compromised API keys were likely obtained through external sources, such as malware or malicious browser extensions.
Q: How do I know if my API key was compromised?
A: If you received a message indicating that your API key is invalid or requires updating, it's a strong indication that your key was among those deleted by FTX.Also, if you have unauthorized trades, you may be compromised.
Q: What should I do if my API key was compromised?
A: Generate new API keys on FTX, securely store them, and update your 3Commas account with the new keys.Also, monitor your account activity for any suspicious transactions.
Q: How can I protect my API keys from being compromised?
A: Follow the best practices outlined in this article, including enabling 2FA, using strong passwords, being wary of phishing attacks, and downloading software from trusted sources.
Q: Is it safe to use trading bots like 3Commas?
A: Trading bots can be a useful tool for automating your trades, but they also introduce new security vulnerabilities.Use them with caution and implement robust security measures to protect your API keys.

Conclusion

The 3Commas security alert and FTX's response serve as a powerful reminder of the importance of security in the cryptocurrency world.While the incident was concerning, it also provided valuable lessons and prompted positive changes in the industry.The collaborative efforts of 3Commas and FTX, along with the increased awareness among users, will contribute to a more secure and resilient crypto ecosystem.Protecting your cryptocurrency assets requires a multi-faceted approach, including robust security practices, user education, and collaborative efforts between exchanges, trading platforms, and users.By understanding the risks and implementing the appropriate security measures, you can mitigate the potential for API key compromises and safeguard your investments.Key takeaway: Ensure your **API keys** are secure to protect your crypto investments using strong passwords, 2FA, and being wary of suspicious emails or links.Remember that this incident started because unauthorized trades using **DMG cryptocurrency** were made on **FTX exchange**.This highlights the need for constant vigilance in the evolving world of **crypto trading**.

Jarek Molsen can be reached at [email protected].

Comments