Hundreds of millions of dollars in assets were mysteriously siphoned out of the collapsing crypto exchange FTX on Friday, in what exchange officials have referred to as a potential “hacking” incident.
Already a company in a spectacular state of financial and reputational free fall, the once well-respected and heavily promoted cryptocurrency exchange said Friday that it was looking into a barrage of “abnormal” asset transfers sweeping through accounts. Subsequent analysis seemed to suggest that as much as half a billion dollars may have been stolen.
The chaos started late Friday when FTX account holders began taking to Twitter to allege that their funds had disappeared. At 11:52 p.m., an admin for the exchange’s Telegram page posted the following statement:
Ftx has been hacked. All funds seem to be gone.
FTX apps are malware. Delete them…
Don’t go on ftx site as it might download Trojans.
Not long afterward, Ryne Miller, the company’s general counsel, tweeted: “Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges – unclear facts as other movements not clear. Will share more info as soon as we have it.”
Shortly afterward, Miller claimed that the company was routing remaining funds into cold storage—the offline accounts that keep assets secure from hacking—in an attempt to stop any more funds from being transferred.
Elliptic, a company that tracks cryptocurrency movements across the internet, said that it had recorded more than $701 million in various tokens leaving the crypto exchange’s coffers on Friday night. In its analysis, Elliptic assessed that some $515 million in assets may have been stolen, while another $186 million potentially represented the assets that FTX had transferred into cold storage. The transferred funds involved a variety of tokens, including Solana, Ethereum, Tron, Avalanche, and Binance Smart Chain. The money was squirreled into three separate wallet addresses, after which the transferrer routed at least $220 million through decentralized exchanges, which Elliptic judges as a “common tactic used by thieves seeking to avoid seizure of the stolen assets.”
The timing of this whole episode—less than 24 hours after the company filed for chapter 11 bankruptcy—immediately aroused the suspicions of people online—with many suggesting that this wasn’t a real “hacking” episode but some sort of attempt by FTX insiders to rip off clients and steal half a billion dollars. Some theorized that a small group of FTX CEO Sam Bankman-Fried’s “insiders” were behind the apparent theft.
FTX, which was once considered one of the most promising enterprises in the crypto industry and boasted endorsements from a host of celebrities such as Tom Brady and Steph Curry, has imploded in a spasm of malfeasance that some have equated to the crypto equivalent of Enron. The firm’s CEO, Bankman-Fried, stepped down from his leadership position on Friday, amidst revelations that the company had been using customer’s money to fund its own risky trading activities and the company was insolvent.
A gargantuan amount of customers’ money also appears to have gone missing prior to the recent “hacking” episode. Reuters reported Saturday that, of some $10 billion in customer funds that Bankman-Fried previously transferred from FTX to his own company, Alameda Research, at least a billion dollars is said to have vanished into thin air. It’s unclear where it went or what the grand total of missing funds is, Reuters says, though some estimates of the vanished assets put the total value at somewhere between one and two billion dollars. One source told the outlet they thought the number was $1.7 billion. Reuters reports:
The financial hole was revealed in records that Bankman-Fried shared with other senior executives last Sunday, according to the two sources. The records provided an up-to-date account of the situation at the time, they said. Both sources held senior FTX positions until this week and said they were briefed on the company’s finances by top staff.
Gizmodo reached out to FTX for comment on both of these developments and will update this blog if we get a response.