Last updated 11:46 UTC 12th November 2022 – Reports began to appear late on Friday night that FTX wallets looked like they were being drained in a series of mysterious transactions.
Watchers concluded that FTX had either been hacked or insiders were making off with client funds in the latest incendiary developments in the FTX collapse.
At 07.30 UTC, FTX US general counsel Ryne Miller confirmed that there have indeed been “unauthorized transactions” from the group’s wallets to addresses not under the control of FTX.
FTX filed for Chapter 11 bankruptcy yesterday, seeking protection from its creditors. Now those creditors will be worried that at least some of their funds will no longer be available to payout in claims.
A prominent dev posted on Twitter that “hundreds of millions of dollars” worth of crypto were on the move from FTX wallets. The late hour of the transactions meant it was unlikely it was liquidators at work on behalf of creditors.
Other theories were advanced to explain the movement – either it was a hack or an employee stealing the funds:
Later on-chain forensics expert ZachXBT posted on Twitter that it had been confirmed to him by former FTX employees that the receiving addresses were not FTX wallets:
Multiple former FTX employees confirmed to me they do not recognize these transfers for ~$383m
Citing the fact that FTX and FTX US are different businesses and were supposedly run as such – but we know nothing for certain now, it seems unlikely that a hacker would have been able to avail themselves of the private keys on both exchanges both at the same time unless they had inside information or were insiders.
But given the chaos at FTX anything is possible. If follows from reports that junior employees were taking it upon themselves to try and sell off some of FTX’s distressed assets, according to reports by Bloomberg.
One redditor posited the following:
This was almost certainly an inside job, as FTX and FTX US are two seperate corporate entities. It is impossible that a hacker would have access to both of their servers, keys, and backups. The FTX com site (not adding link for fat fingers) will download trojans and decrypt private keys from hot wallets.
The two main draining addresses have been identified. As much as $383 million in crypto may have been stolen:
Main draining address: https://etherscan.io/address/0x59abf3837fa962d6853b4cc0a19513aa031fd32b
Shitcoin draining address: https://etherscan.io/address/0xd8019a114e86ad41d71a3eeb6620b19dd166a969
Crypto analytics research firm Nansen tweeted that the outflows were at least $266 million:
The Australian Financial Review reports that figure for the lost funds could be $600 million, in a mixture of Ethereum, Solana, BNB LINK, AVAX and MATIC.
According to Coindesk, many FTX.com and FTS.US customers are seeing $0 balances in their accounts.
There are also unsubstantiated claims that the FTX app is riddled with malware and should no longer be used – the same goes for the FTX website, according to a redditor.
However, Cryptonews.com has not been able to confirm the presence of malware in either case.
But this was posted by an FTX Telegram admin called Rey:
https://t.me/FTX_Official/696038
However, the confusing and dangerous situation for the 1.2 million FTX customers continues to develop.
An update has been pushed out to FTX app users, but experts are urging all FTX customers to refrain from running the update or interacting with their FTX account at this time.
Customers are advised not to make any changes to their account until there is greater clarity, presumably such as an official statement from FTX:
Judging by his most recent tweet, Binance founder and CEO Changpeng Zhao (CZ ) is not impressed by the latest turn of events:
If you are looking for some safer places to invest in crypto at this time, you might want to take a look at two presales taking place now – Dash 2 Trade and RobotEra.
The first is an analytics and signals platform bringing pro tool to the retail traders and the second is the latest Metaverse game and is likely to be the hit of 2023.
You must be logged in to post a comment.