In a statement on the platform’s official Telegram page, FTX’s Telegram admins revealed that the platform has fallen victim to a hack.
PeckShield Tracks the Hack in Real Time
In the closing hours of Friday, several wallets linked to FTX exchange began to suspiciously move assets worth millions of dollars, without any prior notice. This morning, FTX raised the alarm of a breach via its official telegram page.
The collapsed crypto exchange recorded cash outflows of over $600M from the platform’s wallets late on Friday. On-chain data revealed that the recipient wallet had collected 83,878.63 ETH, about $105M in just two hours. These funds reportedly came from a series of international and US-based addresses with ties to the failed exchange.
Crypto security firm Peckshield also reported the transfers providing frequent updates on the movement of the funds. The hacker conducted transfers and sales of various cryptocurrencies. At some point, they exchanged $LDO, $WBTC, $SUSHI, $YFI, and $UNI for $ETH on sushiswap and CoW Protocol.
The FTX team warned users against visiting the website and also advised them to get rid of their FTX apps. FTX General Counsel Ryne Miller pinned the update in the FTX Support Telegram chat. Notably, Miller stated that they were able to recover some of the funds.
FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don’t go on FTX site as it might download Trojans.”
Strange Transfers after FTX Halts Withdrawals
Over the past couple of days, leading crypto exchange FTX has been caught up in a major decline. About a week ago traders began dumping the platform’s native token amid rumors of insolvency, fearing a recurrence of the Terra crash. The situation worsened after Binance shared plans to rescue the platform only for CEO Changpeng Zhao to cancel the deal a few hours later.
FTX filed for chapter 11 bankruptcy on Friday, a move that rippled across the crypto space. Over 130 companies with connections to the platform have also commenced bankruptcy filings. Additionally, the bankrupt exchange put customer withdrawals on hold.
As such, from 05:20 PM UTC to 02:20 AM UTC, the platform did not process any outbound transactions. Seeing as the team did not communicate any plans to move funds amidst the existing controversy, the transfers were rather suspicious. Around this time, Ryne Miller posted a tweet saying he was looking into some unusual wallet activity “related to the consolidation of FTX balances across exchanges.”
Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges – unclear facts as other movements not clear. Will share more info as soon as we have it. @FTX_Official
— Ryne Miller (@_Ryne_Miller) November 12, 2022
Possible Inside Job
Miller promised to share more information as the situation further unfolded. At first, some blockchain sleuths believed that the platform had only just commenced bankruptcy proceedings. However, others speculated about a hack or an insider at FTX trying to cart off funds amidst the ongoing confusion. Twitter sleuth ZachXBT noted that various ex-FTX employees had revealed that they did not recognize the transactions. About the failed exchange’s ex-CEO Sam Bankman Fried, one tweet said:
Or Sam wants to make it all back in one trade.”
Crypto influencer and pundit Ben Armstrong was more direct in accusations, calling for the exchange’s arrest.
SBF literally just hacked the remaining assets at FTX. Guarantee it’s him. He’s done this before (see my previous tweet).
— Ben Armstrong (@Bitboy_Crypto) November 12, 2022
Although despite speculations of an inside job, crypto users pointed out that some of the transactions contained crude jokes and insults. The involved addresses included names such as “dickcheesemcgee.eth,” “cumsock.eth” and “*sambankman-fraud.eth” among others. At the moment, the beleaguered founder and former CEO is yet to offer a statement.