Conversation

SBF
@SBF_FTX
Replying to
@SBF_FTX
5) We have a huge number of controls in place to attempt to prevent fake FTX sites from being able to drain users' accounts. And generally they work: it was a lot of work but it's mostly successful.
5
85
SBF
@SBF_FTX
6) To be clear, phishing is almost always a case where the user voluntarily (but unknowingly) gives their account credentials to a scammer by going to a bad site or something like that--but despite that, we take our duty to protect customers seriously, even from themselves.
5
89
SBF
@SBF_FTX
7) (This was actually one of the first lessons we learned--way back in 2019, a few users got phished, and our initial reaction was 'that sucks please use 2FA'. Upon reflection--and reaction from users--we *mandated* 2FA, which helped a lot.)
10
109
SBF
@SBF_FTX
8) Anyway, recently a frustrating thing happened. We’ve mostly stamped out sites that try to phish users by masquerading as FTX. But we can’t fix fake sites impersonating *other* services. A few users accidentally registered at fake other sites, including 3 Commas.
15
115
SBF
@SBF_FTX
9) They provided their FTX api keys to use the sites' trading tools. Others users were probably phished through other methods. But one way or another, these users were exploited by third party attackers.
7
69
SBF
@SBF_FTX
10) In general, there's very little we can do about this: other sites can fail to squash phishing attempts on them, and users can ask to let those sites control their FTX API keys. (This happened to accounts on other exchanges 3C was connected to as well, e.g. Binance.)
7
74
SBF
@SBF_FTX
11) Mostly this sucks, and is something we should be fighting as an industry. Right now each company has to separately deal with phishing and it sucks. FTX has, but others need to as well.
7
87
SBF
@SBF_FTX
12) Anyway--not only was this not FTX getting phished, it wasn't even an FTX site. And in general we can't compensate for users getting phished by fake versions of other companies in the space! It isn't FTX and we have basically no control over it.
5
79
SBF
@SBF_FTX
13) But in this particular case, we will compensate the affected users. THIS IS A ONE-TIME THING AND WE WILL NOT DO THIS GOING FORWARD. THIS IS NOT A PRECEDENT. We will not making a habit of compensating for uses getting phished by fake versions of other companies!
118
268
SBF
@SBF_FTX
14) But this once, we'll do it; roughly $6m total. (To be clear, only for FTX accounts! Hopefully other exchanges will comp theirs.) BUT AGAIN NOT A PRECEDENT, WE WILL NOT GOING FORWARD.
19
197
SBF
@SBF_FTX
Replying to
@SBF_FTX
16) Their addresses: a) 0x6D3e6Ba1b510287141b27F763A86E04c72a001D1 b) 0xaB8bd0D4Eda57cd9EE5A058e498A791dF13dFA65 c) 0x87c828593984381E50D55F755B8462e074047Cf7
19
112
This Tweet was deleted by the Tweet author. Learn more
Austerity Sucks
@austerity_sucks
Replying to
@EdwardWilll
and
@SBF_FTX
yea but theres some pretty sad stories about losses -- and plus, theres _some_ liability still on FTX because their system arguably could / should have controls preventing the successful abuse of trading API key perms to steal money and get it off the platform
1
3
Show replies
Austerity Sucks
@austerity_sucks
Replying to
@SBF_FTX
i wonder if this was done by "crypto ppl" (where i think the 5-5 thing is appealing to them to take) or by outsiders who just have no reason to care (like north korea)
3
Show additional replies, including those that may contain offensive content
Show