'FTX Has Been Hacked': Crypto Disaster Worsens as Exchange Sees Mysterious Outflows Exceeding $600M
FTX officials appeared to confirm rumors of a hack on Telegram, instructing users to delete FTX apps and avoid its website.
The collapse of FTX, already one of the most spectacular disasters in financial history, worsened as hundreds of millions of dollars were drained from the cryptocurrency exchange hours after it filed for bankruptcy.
More than $600 million was siphoned from FTX's crypto wallets late Friday. Soon after, FTX stated in its official Telegram channel that it had been compromised, instructing users not to install any new upgrades and to delete all FTX apps.
"FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go on FTX site as it might download Trojans," wrote an account administrator in the FTX Support Telegram chat. The message was pinned by FTX General Counsel Ryne Miller.
Hours later, Miller disclosed in a tweet that FTX US and FTX.com had been moving all their digital assets to cold storage because of the Friday bankruptcy. "Process was expedited this evening – to mitigate damage upon observing unauthorized transactions," he said.
Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets. FTX’s API appeared to be down, which could account for this. According to on-chain data, various Ethereum tokens as well as Solana and Binance Smart Chain tokens exited FTX's official wallets and moved to decentralized exchanges like 1inch. Both FTX and FTX US appear to be affected.
The transfers occurred on the same day that the firm filed for Chapter 11 bankruptcy protection in the U.S. after apparently losing – or misappropriating – billions of dollars in user funds. Suspicions – which are conjecture at this point – circulated online about whether, rather than an outside attack, someone inside the company might've been responsible.
On Twitter, members of the cryptocurrency community quickly began to speculate that the outflows could have been coordinated by a member of Bankman-Fried's inner circle, pointing out that the simultaneous and sophisticated hacks of FTX and FTX US are indicative of a potential inside job. Twitter sleuth ZachXBT tweeted Friday night that "multiple former FTX employees confirmed to me that they do not recognize these transfers."
Around midnight Eastern time, FTX's login portal was unavailable (though the site was still online) giving users a 503 error when they attempted to log in. A 503 error happens when the server is unavailable, commonly because it's down for maintenance or unavailable for access.
UPDATE (Nov. 12, 2022, 06:00 UTC): Adds updates and details throughout.
UPDATE (Nov. 12, 2022, 14:21 UTC): Hours after the publication of this article, FTX said it had expedited the move of its remaining funds to cold wallets. Click here for more.
UPDATE (Nov. 12, 2022, 15:25 UTC): Adds context in first paragraph and revisions throughout.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.