Conversation

3) Usually, phishing looks like an email, and it has a bad attachment, or something. In crypto, the scams have gotten sophisticated. For instance--we have a team of people who work to make sure fake FTX clones don't gain prominence.
4) Why fake websites? Well, generally, a phishing scam will copy someone's website, but intercept the username/password/etc.--so now they control the login, and can try to drain the user's account.
5) We have a huge number of controls in place to attempt to prevent fake FTX sites from being able to drain users' accounts. And generally they work: it was a lot of work but it's mostly successful.
6) To be clear, phishing is almost always a case where the user voluntarily (but unknowingly) gives their account credentials to a scammer by going to a bad site or something like that--but despite that, we take our duty to protect customers seriously, even from themselves.
7) (This was actually one of the first lessons we learned--way back in 2019, a few users got phished, and our initial reaction was 'that sucks please use 2FA'. Upon reflection--and reaction from users--we *mandated* 2FA, which helped a lot.)
8) Anyway, recently a frustrating thing happened. We’ve mostly stamped out sites that try to phish users by masquerading as FTX. But we can’t fix fake sites impersonating *other* services. A few users accidentally registered at fake other sites, including 3 Commas.
Replying to
I had the exact same hack on the 27th. I have always been responsible for security, but the API still leaked and more than 70 000 $ were stolen from me, the support said that it was my fault. I feel bad. Why didn't the exchange remove the API from everyone at the first problems??