The people in charge of FTX seemed to confirm rumors that Telegram had been hacked by telling users to delete FTX apps and stay away from its website.
Late Friday night, more than $600 million in crypto left the wallets of the bankrupt crypto company. There isn’t a clear reason why.
Soon after, FTX announced on its official Telegram channel that it had been hacked and told users not to install any new updates and to delete all FTX apps.
“Someone broke into FTX. Malware is FTX apps. Get rid of them. Chat is open. “Don’t go to the crypto company site because it might download Trojans,” wrote an account administrator in the FTX Support Telegram chat. Ryne Miller, who is the General Counsel for the crypto company, pinned the message.
On-chain data shows that different Ethereum tokens and Solana and Binance Smart Chain tokens have left FTX’s official wallets and moved to decentralized exchanges like 1inch. It looks like both the crypto company and FTX US are affected.
Miller tweeted earlier in the evening that he was looking into “abnormalities with wallet movements related to the consolidation of the crypto company balances across exchanges.”
The transfers, which haven’t been officially explained by FTX’s leaders, happen on the same day that the company officially filed for Chapter 11 bankruptcy protection after apparently losing billions of dollars in user funds.
Many people who have crypto company wallets are also saying that their FTX.com and Futures Exchange US wallets have $0 in them. The FTX API seems to be down, so this could be why.
Members of the cryptocurrency community immediately said on Twitter that they thought the funds had been drained as part of an attack. As proof, they pointed to the fact that some of the transactions appear to include notes with lewd jokes and insults about FTX founder Sam Bankman-Fried.
Others thought that a member of Bankman-inner Fried’s circle might be in charge of coordinating the outflows. They pointed out that the simultaneous and sophisticated hacks of the crypto company and FTX US could be signs of an inside job.
Friday night, Twitter detective ZachXBT tweeted that “multiple former Futures Exchange employees have told me that they do not recognize these transfers.”
As soon as the wallet address was made public, many of the transactions with names like “cumsock.eth” and “downsyndromemonkey.eth” seemed to be trolls.
By midnight Eastern time, FTX’s login portal was no longer working. The site is still up and running, but when users tried to log in, they got a 503 error. A 503 error means that the server isn’t available. This is usually because the server is down for maintenance or can’t be reached.
