As the crypto industry grieves the unexpected collapse of crypto exchange FTX, a hacker suddenly strikes the beleaguered exchange. FTX reportedly suffered a hack with more than $600 million drained from FTX’s crypto wallets.
While discussions were going on about the whole FTX situation, FTX account holders started reporting that their assets had disappeared from their wallets, sparking rumors of a potential hack.
An admin of the FTX exchange’s Telegram group later confirmed the hack, warning users: “FTX apps are malware. Delete them… Don’t go on FTX site as it might download Trojans.”
More than $663 million in different tokens on Ethereum, Binance Smart Chain, and Avalanche have been withdrawn from FTX’s wallets.
Of this, $477 million is thought to have been looted, and the remaining funds are deemed to have been transferred by FTX to secure cold storage.
Through decentralized exchanges, over $220 million worth of the tokens has been swapped for ETH or DAI.
It appears that FTX transferred $186 million across more than a hundred separate tokens into this wallet, where it is still present.
FTX US general counsel Ryne Miller supports the hypothesis that the transactions were made to safeguard the funds still in FTX’s wallets. He confirmed that the process was expedited to mitigate damage upon observing unauthorized transactions.
On-chain data revealed multiple FTX wallets were transferring funds to a single Ethereum wallet address.
This wallet received funds from various international and U.S.-based FTX wallets, amassing over 83,878.63 ETH (around $105.3 million) in just two hours starting at 9:20 PM ET on Nov. 11, and it continued to see an influx of funds.
The wallet owner swapped $26 million in Tether (USDT) for DAI via 1inch while approving USDP for trade on CoW Protocol. As the situation unfolded, the wallet also approved transfers and sales of other cryptocurrencies, including Chainlink, cUSDT, and stETH.
Tether proactively blacklisted $31.4 million worth of USDT tokens tied to the transactions when FTX confirmed the hack on Telegram.
The blacklisted USDT tokens, as noted by crypto scam investigator ZachXBT, consisted of $27.5 million in USDT on Solana and $3.9 million in USDT on Avalanche.
By blacklisting the stolen USDT tokens, Tether prevented the hackers from transferring the funds to another account or trading them for other cryptocurrencies.
Ryne Miller later posted a statement from John Ray, the new Chief Restructuring Officer and CEO of FTX, noting the team has been in contact with and is coordinating with law enforcement and relevant regulators regarding the hack situation.
Ray was chosen as the new CEO after FTX filed for bankruptcy in the US and SBF resigned from his position.
“Among other things, we are in the process of removing trading and withdrawal functionality and moving as many digital assets as can be identified to a new cold wallet custodian,” Ray stated.
Nick Percoco, the Chief Security Officer of Kraken, then ignited Crypto Twitter with a brief post implying that Kraken was able to identify the hacker. Ryne Miller then asked Percoco to reach out to him regarding the situation.
A Kraken spokesperson stated, “We can confirm that our team is aware of the identity of the accounts involved in the ongoing FTX hack, and we are committed to working with law enforcement to ensure they have everything they need to adequately investigate this matter.”