Reports began to appear late on Friday night that FTX wallets looked like they were being drained in a series of mysterious transactions.
Watchers concluded that either FTX had been hacked or insiders were making off with client funds, the latest incendiary development in the FTX collapse.
At 07.30 UTC, FTX US general counsel Ryne Miller confirmed that there had indeed been “unauthorized transactions” from the group’s wallets to addresses not under the control of FTX.
Have FTX creditors lost what little of their funds was left?
FTX filed for Chapter 11 bankruptcy yesterday, seeking protection from its creditors. Now those creditors will be worried that at least some of their funds will no longer be available to pay out claims.
A prominent dev posted on Twitter that “hundreds of millions of dollars” worth of crypto was on the move from FTX wallets. The late hour of the transactions made it unlikely that liquidators were at work on behalf of creditors.
Other theories were advanced to explain the movement – either it was a hack or an employee stealing the funds:
Later, on-chain forensics expert ZachXBT posted on Twitter that former FTX employees had confirmed to him that the receiving addresses were not FTX wallets:
Multiple former FTX employees confirmed to me they do not recognize these transfers for ~$383m
FTX and FTX US are different businesses and were supposedly run as such, although we know nothing for certain now. It therefore seems unlikely that a hacker would have been able to obtain the private keys of both exchanges at the same time unless they had inside information or were insiders.
But given the chaos at FTX, anything is possible. It follows reports by Bloomberg that junior employees were taking it upon themselves to try to sell off some of FTX’s distressed assets.
One redditor posited the following:
This was almost certainly an inside job, as FTX and FTX US are two separate corporate entities. It is impossible that a hacker would have access to both of their servers, keys, and backups. The FTX com site (not adding link for fat fingers) will download trojans and decrypt private keys from hot wallets.
The two main draining addresses have been identified. As much as $383 million in crypto may have been stolen:
Main draining address: https://etherscan.io/address/0x59abf3837fa962d6853b4cc0a19513aa031fd32b
Shitcoin draining address: https://etherscan.io/address/0xd8019a114e86ad41d71a3eeb6620b19dd166a969
Has the FTX app been compromised too?
There are also unsubstantiated claims that the FTX app is riddled with malware and should no longer be used – the same goes for the FTX website, according to this redditor.
However, Coinbold.io has not been able to confirm the presence of malware in either case.
But this was posted by an FTX Telegram admin:
Judging by his most recent tweet, Binance founder and CEO Changpeng Zhao (CZ) is not impressed by the latest turn of events:
Elon Musk chipped in as well, although you would have thought he might have enough problems of his own to deal with, given the blue tick fiasco:
This story is developing…
Compiled by Coinbold