The collapse of FTX, already one of the most spectacular disasters in financial history, worsened as hundreds of millions of dollars were drained from the cryptocurrency exchange hours after it filed for bankruptcy.
More than $600 million was siphoned from FTX's crypto wallets late Friday. Soon after, FTX stated in its official Telegram channel that it had been compromised, instructing users not to install any new upgrades and to delete all FTX apps.
"FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go on FTX site as it might download Trojans," wrote an account administrator in the FTX Support Telegram chat. The message was pinned by FTX General Counsel Ryne Miller.
Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets. FTX’s API appeared to be down, which could account for this. According to on-chain data, various Ethereum tokens as well as Solana and Binance Smart Chain tokens exited FTX's official wallets and moved to decentralized exchanges like 1inch. Both FTX and FTX US appear to be affected.
The transfers occurred on the same day that the firm filed for Chapter 11 bankruptcy protection in the U.S. after apparently losing – or misappropriating – billions of dollars in user funds. Suspicions – which are conjecture at this point – circulated online about whether, rather than an outside attack, someone inside the company might've been responsible.
On Twitter, members of the cryptocurrency community quickly began to speculate that the outflows could have been coordinated by a member of Bankman-Fried's inner circle, pointing out that the simultaneous and sophisticated hacks of FTX and FTX US are indicative of a potential inside job. Twitter sleuth ZachXBT tweeted Friday night that "multiple former FTX employees confirmed to me that they do not recognize these transfers."
Around midnight Eastern time, FTX's login portal was unavailable (though the site was still online) giving users a 503 error when they attempted to log in. A 503 error happens when the server is unavailable, commonly because it's down for maintenance or unavailable for access.
UPDATE (Nov. 12, 2022, 06:00 UTC): Adds updates and details throughout.
UPDATE (Nov. 12, 2022, 14:21 UTC): Hours after the publication of this article, FTX said it had expedited the move of its remaining funds to cold wallets. Click here for more.
UPDATE (Nov. 12, 2022, 15:25 UTC): Adds context in first paragraph and revisions throughout.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.