Hackers Take $400 Million from FTX Crypto Exchange

Colin Thierry Colin Thierry
Published on: November 16, 2022
Hackers Take $400 Million from FTX Crypto Exchange

FTX, the massive crypto exchange that recently went bankrupt, announced that it fell victim to a hack of over $400 million last week. 

The crypto exchange filed for bankruptcy last week following questionable practices from its CEO and other executives.

The threat actor was able to steal more than $400 million from FTX before the funds went into cold storage. One of the first measures FTX took after going bankrupt was to block all transactions, so users with any cryptocurrency in their accounts could not withdraw it or move it to another exchange.

According to reports from Coindesk, an FTX Support Telegram chat account administrator wrote that “FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don’t go on FTX site as it might download Trojans.” While it’s not yet confirmed if this information is completely accurate, FTX General Counsel Ryne Miller pinned the message in the chat.

Miller also wrote in a Twitter post on Saturday that FTX was in the process of moving the funds to cold storage, which would make it impossible for hackers to access them.

“Following the Chapter 11 bankruptcy filings — FTX US and FTX [dot] com initiated precautionary steps to move all digital assets to cold storage,” said Miller in his Twitter post. “Process was expedited this evening – to mitigate damage upon observing unauthorized transactions.”

The cyberattack took place late last week, on Friday. According to crypto intelligence platform Arkham Intelligence, the hacker extracted $215 million in ETH, $48 million in DAI, $44 million in BNB, $4 million in USDT, and $3.8 million of MATIC.

The threat actor then started to move the stolen funds around quickly by transferring them to other currencies and to other wallets. Coinbase also reported that the hacker may have been an FTX insider since so many cold wallets were impacted. While the investigation is currently ongoing, the companies looking into the hack said that they will soon uncover the attacker’s identity.

About the Author
Colin Thierry
Colin Thierry
Cybersecurity researcher and journalist
Published on: November 16, 2022

About the Author

Colin Thierry is a cybersecurity researcher and journalist who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.