What is happening with FTX now is one of the largest collapses in the history of the crypto industry. We recently wrote about the FTX bankruptcy process, how Binance and Alameda are connected with FTX, the role of Tron in the collapse of FTX and how the collapse of FTX affected stablecoins. Today we will discuss an equally important event in this whole pile of news: the FTX hack.
A popular figure in the crypto industry, Twitter user foobar, suggested that FTX had been hacked after he noticed strange transfers from FTX wallets. Foobar tweeted about this on November 12, and that tweet opened a long thread about the FTX hack.
After the funds left FTX wallets, strange swaps began to occur. As foobar noted, “this is super sketchy, no liquidator would be taking actions like this.”
Then someone left a message on the blockchain, which can be interpreted as the phrase “Rug Pull All”.
This was followed by several more strange transfers between different wallets, including on Ethereum and Solana.
After these transactions, strange things started happening with the FTX applications: they received updates. Foobar suggested that these were malware updates intended to find out the private keys of FTX users' wallets. A little later, a message appeared in the main FTX chat on Telegram saying that FTX had been hacked and all funds had disappeared. The message also said that all FTX applications are malware.
At the same time, Ryne Miller, General Counsel at FTX US, tweeted that what was happening was not a hack but an attempt to save FTX funds.
However, a couple of hours earlier, Ryne Miller had said that he did not know what was going on.
Ryne Miller’s weird behaviour was also noticed by foobar. He suggested that Ryne Miller noticed the thefts and made attempts to save some of the funds.
Later, Ryne Miller did confirm “unauthorized access to certain assets”.
In addition to strange transactions and malware apps, there were also reports that Sam Bankman-Fried manipulated accounting data. Reuters reported:
“In a subsequent examination, FTX legal and finance teams also learned that Bankman-Fried implemented what the two people described as a "backdoor" in FTX's book-keeping system, which was built using bespoke software. They said the "backdoor" allowed Bankman-Fried to execute commands that could alter the company's financial records without alerting other people, including external auditors. This set-up meant that the movement of the $10 billion in funds to Alameda did not trigger internal compliance or accounting red flags at FTX, they said.”
On the evening of November 12, the Founder & CEO of IBCgroup, Mario Nawfal, citing the Co-Founder & CEO of Hacken, Dyma Budorin, reported that the hacker was most likely an insider and that Kraken was also used during the hack. The Chief Security Officer at Kraken, Nick Percoco, responded to this tweet. He said that they know who this user is.
What do we have as a result? The strange transactions that foobar noticed looked like a hacker attack. However, what are the chances that external hackers attacked the wallets at the same time that FTX staff were working on consolidating the balances, as Ryne Miller wrote? Our take is that the chances are low, yet we will continue to observe this developing story.