pull down to refresh
13 sats \ 0 replies \ @cryptocoin 24 Oct 2022 \ parent \ on: 3Commas API KEY ‘leak’, FTX user funds was stolen by contra trade bitcoin
Exactly.
So if I understand the issue correctly, here's how it goes down:
The hacker finds an illiquid shitcoin (DMG in this instance) with a huge bid/ask spread. The hacker then simply causes the the victim's FTX account (using the victim's FTX API trading key) to first sell (low) at the bid price (with the hacker's FTX account being the buyer), and then to turn around and cause the victim's account to instantly buy back from the hacker at the (high) ask.
Rinse and repeat until victim's account is drained due to the repeated losses from those trades. The hacker's account, being on the other side of each of those trades, has then realized the gains.
So firstly, that shows that people are leaving large amounts of funds on their FTX exchange accounts.