SBF on Twitter: "@chadlums a lot of our users want to be able to withdraw over API" / Twitter

Couldn't one just block withdrawal requests made via API? And/Or new device detected prompts a new session? Ergo the bad actor would still be able to trade away the funds, but couldn't withdraw then? Think gambling sites deal with this in a similar way

Quote Tweet

SBF

@SBF_FTX

Oct 23

10) In general, there's very little we can do about this: other sites can fail to squash phishing attempts on them, and users can ask to let those sites control their FTX API keys. (This happened to accounts on other exchanges 3C was connected to as well, e.g. Binance.)

Show this thread

Conversation