Last updated 11:46 UTC 12th November 2022 – Reports began to appear late on Friday night that FTX wallets looked like they were being drained in a series of mysterious transactions.
Watchers concluded that FTX had either been hacked or insiders were making off with client funds in the latest incendiary developments in the FTX collapse.
At 07.30 UTC, FTX US general counsel Ryne Miller confirmed that there have indeed been “unauthorized transactions” from the group’s wallets to addresses not under the control of FTX.
Have FTX creditors lost what little of their funds was left?
FTX filed for Chapter 11 bankruptcy yesterday, seeking protection from its creditors. Now those creditors will be worried that at least some of their funds will no longer be available to payout in claims.
A prominent dev posted on Twitter that “hundreds of millions of dollars” worth of crypto were on the move from FTX wallets. The late hour of the transactions meant it was unlikely it was liquidators at work on behalf of creditors.
Other theories were advanced to explain the movement – either it was a hack or an employee stealing the funds:
Later on-chain forensics expert ZachXBT posted on Twitter that it had been confirmed to him by former FTX employees that the receiving addresses were not FTX wallets:
Multiple former FTX employees confirmed to me they do not recognize these transfers for ~$383m
Citing the fact that FTX and FTX US are different businesses and were supposedly run as such – but we know nothing for certain now, it seems unlikely that a hacker would have been able to avail themselves of the private keys on both exchanges both at the same time unless they had inside information or were insiders.
But given the chaos at FTX anything is possible. If follows from reports that junior employees were taking it upon themselves to try and sell off some of FTX’s distressed assets, according to reports by Bloomberg.
One redditor posited the following:
This was almost certainly an inside job, as FTX and FTX US are two seperate corporate entities. It is impossible that a hacker would have access to both of their servers, keys, and backups. The FTX com site (not adding link for fat fingers) will download trojans and decrypt private keys from hot wallets.