FTX Hack: What We Know

FTX, once the third largest crypto exchange in the world, recently filed for bankruptcy after “temporarily” pausing withdrawals. Amongst users being unable to withdraw their funds or even log into the website, a suspicious set of transactions started to take place, and users could only sit and watch the blockchain and start asking around. What really happened here?

FTX: We Have Been Hacked

On the official FTX Telegram channel, an account administrator wrote the following:

“FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don’t go on FTX site as it might download Trojans,”

This was confirmed by FTX’s new CEO, John Ray. FTX General Counsel Ryne Miller added more information, stating on Twitter:

“Following the Chapter 11 bankruptcy filings – FTX US and FTX [dot] com initiated precautionary steps to move all digital assets to cold storage. The process was expedited this evening – to mitigate damage upon observing unauthorized transactions.”

An Inside Job?

The timing of this is very strange. FTX had been operating for 3 years when it failed, and it would be easier for a hacker to siphon off funds while the exchange was still active and withdrawing funds for customers.

It’s almost too much of a coincidence that while FTX is filing for bankruptcy, their head lawyer is planning to lock down funds, they just happen to get hacked at exactly that moment, and $663 million of their liquid assets go missing.

The attacker’s wallet holds $338 million of assets, which at the time of writing makes him the 35th largest ETH holder in the world. Given that both FTX international and FTX US were hacked at the same time, the explanation that one person hacked both sites independently at the same time and withdrew all the funds is unlikely, although it is possible someone had access to both and was waiting for the right time.

Someone who had access to private keys (i.e., an employee or owner) would be able to extract these funds, although we have no proof that this has happened.

How Decentralized Is DeFi?

In June 2016, the Ethereum DAO was hacked, and one third of its funds were stolen. Ethereum was still very new at the time, and a majority of miners agreed to rewrite the past, eliminating the hack and returning the stolen funds but also breaking one of the core principles of decentralized cryptocurrencies.

The cryptocurrency Ethereum Classic was formed from a minority fork, but it never had the same funding or backing that mainstream Ethereum has, and its value tanked over the years.

Fast forward to today, and Ethereum has now completed The Merge to become a Proof of Stake (PoS) cryptocurrency. At the time of writing, over 73% of validated blocks on Ethereum are now OFAC compliant. That means Ethereum would refuse to admit any transactions that fell foul of US sanctions.

Combine this with the fact that Tether has unilaterally frozen $46 million of USDT, and one wonders whether any funds sent on the blockchain are actually sent or can be reversed at a moment’s notice. Having said that, we doubt that the $36 million that SBF spent on the recent US midterm election will be reversed any time soon.


In short, even if these hacked funds can be frozen or reversed on the blockchain, this would create even bigger follow-on consequences. FTX has shown us that it’s not safe to keep your crypto on a centralized exchange, but now even decentralized exchanges and the stablecoins that run them might not be as safe as they once seemed.


Will Hacked Funds be Returned?

This is a tough call to make. Law enforcement has had success in tracking down crypto hackers in the past and returning their funds, although this takes a long time to eventuate.

The largest and most memorable event was when Bitfinex was hacked back in 2016, and it took six years for the authorities to track down the perpetrators. Ilya Lichtenstein and Heather Morgan (better known as Razzlekhan or The Crocodile of Wall Street) were arrested in February this year, and $3.6 billion of the total $4.5 billion was recovered.

The main thing that helped authorities was the fact that blockchains are public and that it is very hard to launder large sums of money through them, even when using coin mixers such as Tornado Cash (which is now sanctioned by the US and banned from Ethereum by the OFAC-compliant validators).

If we’re lucky, the FTX hacker will make some of the same mistakes as the Bitfinex hackers, and a dedicated law enforcement team will track him down and return the funds sometime in the next few years.

Can We Do Anything Now?

Unfortunately, FTX funds are not insured against theft or mismanagement. FTX claimed this was the case earlier this year, but in August, they were sent a cease and desist letter from the FDIC for making untrue statements.

This means you have no federal insurance protection, even if you’re a US citizen and an FTX US user, but there may be other ways to recover your funds. Your best course of action is to register your case with the local authorities in your country, and if you need any advice or assistance with this process, our team of experts is more than happy to help.