Thirty-year-old billionaire and FTX chief Sam Bankman-Fried is again loosening his purse strings. 

This time it’s for victims of a multimillion-dollar phishing scam that hit FTX users through compromised 3Commas’ Application Programming Interfaces (APIs). 

On Sunday evening, Bankman-Fried tweeted that he’s prepared to pay up to $6 million in compensation to FTX users affected by an exploit in which attackers used 3Commas’ API to make trades on the exchange.


Blockchain journalist Colin Wu was the first to report the incident last Friday. Wu explained that an FTX user had found their account making trades without authorization. Within the first 24 hours, Wu identified three users affected by the same hack. 

Users who reported the hack to Wu also reported it to FTX and were told that the exploit was caused by the 3Commas API leak.


A security update published by 3Commas yesterday confirmed that API keys linked to newly created 3Commas accounts were used to execute the unauthorized trades.

The breach, however, did not come from 3Commas itself, but likely occurred when users connected to websites impersonating 3Commas. Attackers were then able to commandeer users’ API keys to compromise their FTX accounts.


The update also clarified that the issue affected users who have never used 3Commas. Both FTX and 3Commas have disabled API keys linked to suspicious activity and have asked users to create new ones.

FTX chief in the limelight

It’s been a busy Q3 for Bankman-Fried as he battles regulators, politicians, and the crypto community itself.

Recently, he became the target of investigations by Texan regulators who argue that the yield-bearing accounts offered by FTX.US could be considered unregistered securities. 

The FTX chief has also recently been criticized for his support of the Digital Commodities Consumer Protection Act (DCCPA). The DCCPA was introduced by Senators Debbie Stabenow (D-MI) and John Boozman (R-AR) in August and has garnered support from both Bankman-Fried and Coinbase for offering an alternative to what many have perceived as a regulation-by-enforcement strategy from the SEC. 

However, the DCCPA’s critics have described it as “DeFi killing” and have even heavily criticized Bankman-Fried for supporting it. 

He came under fire again this weekend after posting a Twitter thread on Saturday that addressed criticisms from the crypto community about his ideal regulatory framework for crypto.
