The specific incident relates to scammers who mimicked Three Commas, a trading bot provider, with unsuspecting users sharing their API keys.
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
Sam Bankman-Fried has warned that crypto scams are getting sophisticated — and as a "one-time thing," he's going to compensate phishing victims to the tune of $6 million.
The FTX CEO explained that his exchange employs a team of people whose job it is to tackle fraudsters who attempt to mimic the trading platform's website and app.
Copycat domains often attempt to dupe victims into providing their username and password, meaning criminals then gain control of their accounts and the funds within it.
And while the "huge number of controls" that FTX has in place usually work, SBF revealed that there has been a frustrating development that's out of his control.
Tech-savvy crypto enthusiasts often connect their FTX wallets to external companies that offer services such as automated trading and tax advice through an API key.
And according to Bankman-Fried, there's been a rise in phishing attacks impersonating these other websites, such as the crypto bot provider Three Commas.
"A few users" ended up being exploited after sharing their API keys with malicious actors through fake sites — with SBF warning there's generally "very little" that can be done about it.
Warning that "this sucks" and phishing is an issue that the industry needs to fight together, he wrote on Twitter:
"Not only was this not FTX getting phished, it wasn't even an FTX site. And in general we can't compensate for users getting phished by fake versions of other companies in the space! It isn't FTX and we have basically no control over it."
Despite all of this, the billionaire confirmed that — following the phishing attack that targeted Three Commas — FTX has taken the decision to compensate affected users. But warning that this shouldn't lead to complacency among traders, he added:
"THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD. THIS IS NOT A PRECEDENT."
The compensation is only going to be offered to FTX users, and Bankman-Fried expressed hope that other exchanges will follow suit.
SBF went on to appeal to the phishing scammer responsible directly, and said that if they send back 95% of the funds within 24 hours — $5.7 million — "we'll absolve them." That would mean the criminal would still end up pocketing $300,000.
Unfortunately, it doesn't appear that the fraudster has taken SBF up on his offer so far.