Sam Bankman-Fried crypto exchange ‘hack’ likely an inside job as $339 million frozen in three wallets
A note attached to the company’s Telegram channel reads: “FTX has been hacked. FTX apps are malware. Delete them. The chat is open. Do not visit the FTX website as it may download trojans.”
FTX customers watched their account balances, which had been frozen during the week to stop a bank run, fall to $0.
According to Arkham Intelligence, one of the parties involved in the hack appears to have removed around $400 million in a variety of cryptocurrencies from frozen customer wallets.
They then used several decentralized exchanges, including Uniswap, 1inch, and CoW Swap, to swap tokens.
These trading platforms allow users to exchange coins without providing any identifying information.
But in their hurry, they struggled to dump less liquid tokens such as MATIC, LINK and PAXG.
Arkham Intelligence says $339 million in crypto has ended up as: $215 million in ether, the native token of the Ethereum blockchain; $48 million in DAI; $7 million in DAI on BSC; $41 million in BNB, the Binance ecosystem’s native token; $4 million in Tether’s USDT stablecoin on the Avalanche blockchain; $20 million in frozen PAXG; and $3.8 million in Polygon’s MATIC in the Matic Bridge.
Speculation that the “hack” was carried out by FTX insiders has grown louder.
Dyma Budorin, founder and CEO of security firm Hacken, told CoinDesk on Tuesday that the attacker had access to all of the FTX cold storage wallets that were exploited.
This access requires private keys, which were possibly in the hands of FTX managers.
Budorin said that Hacken had also been monitoring the blockchain transactions and discovered that the raider was falsely identifying himself while trying to use the Kraken crypto exchange.
Kraken froze the accounts in response to Hacken’s red flag.
“We know the identity of the user,” Nick Percoco, chief security officer of crypto exchange Kraken, said at the weekend. The person is believed to be a US citizen.
Hacks like this are quite common. In the late March hack of Ronin Bridge, a cryptocurrency exchange for games, North Korean thieves took $540 million. And earlier this year, cryptocurrency tracking led to the bust of a New York couple accused of laundering $4.5 billion in crypto.
While questions are being raised about whether FTX executives were responsible for the theft, the case bears some resemblance to the theft of half a billion dollars’ worth of bitcoin from Mt Gox, the first cryptocurrency exchange, in 2014.
At the time, Chainalysis, a crypto-tracking firm, worked with law enforcement to determine that the theft was carried out by external hackers rather than Mt Gox employees.
Eventually, Alexander Vinnik, a Russian man, was arrested in Greece in 2017 and later convicted of laundering the stolen Mt Gox funds, exonerating Mt Gox employees.