FTX faces potential hack, sees mysterious outflows totaling more than $600M

All: I know it's a bit hard but if you're going to comment on this, please review your comment to make sure it isn't shallow, lurid, or gloating. Most posts so far in this thread have been below that line. On HN we want thoughtful, substantive, and above all curious comments—where by curious is meant intellectually curious, not gawking.

https://news.ycombinator.com/newsguidelines.html

The hacker has spent the last 11 hours slowky and incrementally converting all the various tokens they got to ETH. They've been using a variety of different defi exchange and have eaten large slippage fees, at least once over 5M lost in slippage.

We're not seeing any else, e.g. laundering through another exchange, splitting into different accounts, automating the liquidation of tokens to ETH, off loading ETH into a cold wallet etc.

The on chain activity makes this look like an individual who did not prepare extensively before doing this or doesn't have the skills to use automation/operational best practices

EDIT: first outflows from 0x59abf3837fa962d6853b4cc0a19513aa031fd32b have started, they still haven't liquidated all their PAXG, a stable coin pegged to gold, unclear if it's freezable.

They were able to liquidate all of their USDT except 4M on avalanche, and all of their usdc both of which can be frozen. Dai is a usd pegged stable coin that can't be frozen, they have nearly 1% of it. Note that Dai is heavily exposed to USDC so authorities could pressure USDC to destroy Dai

> Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges - unclear facts as other movements not clear. Will share more info as soon as we have it.

From FTX's general counsel[1], retweeted by FTX_Official. So that indicates it's not being sold off legitimately under some sort of liquidation proceedings. It could be insiders or it could be hackers.

[1] https://twitter.com/_Ryne_Miller/status/1591281729125613570

Rumors on Twitter[2] are there was also an update just pushed to the FTX app. Concerns are the update may contain malware. It makes sense to uninstall the FTX app if you have it.

[2] https://twitter.com/zachxbt/status/1591295039946493952

Patrick Boyle breaks down the situation with his usual eloquence and dry humor. Video is worth watching just for the chart of the corporate structure. https://youtu.be/zTFhnpf-IE0

It gets worse: somebody has pushed what appears to be a malicious update to the FTX app, and the official FTX telegram channel is warning people not to even browse to the website!

https://twitter.com/zachxbt/status/1591293813519253504

This last week has been a rollercoaster. I've been in crypto since a long time ago and have seen quite a bit, but this FTX implosion takes the crown. And to be honest, I don't think its over.

It's been stated that FTX can access the wallets of their customers [1], I wonder if employees or other bad actors knowing the ship is sinking have decided to - forgive me for the quip - plunder any remaining assets.

1: https://www.coindesk.com/policy/2022/11/10/ftx-violated-its-...

Here is a view of the assets on-chain for anyone that's interested:

https://debank.com/profile/0x59abf3837fa962d6853b4cc0a19513a...

Currently at ~$390M. It looks like they're trying to swap most of the tokens they received into ETH on-chain.

FTX is just an exchange right? Any sensible person only puts funds into an exchange that they want to trade. Not your keys, not your crypto.

A cousin of mine, just a week ago proudly showed me his balance on FTX. He had earned close to 1 BTC through the various crypto consulting jobs he’d done this month. This was a huge deal for him as he’d been unemployed/underemployed for many years. And now this crap takes place. I’ve been unable to reach him since leading me to suspect that he has probably lost his money. I sincerely hope that is not the case but this entire fiasco breaks my heart. I hope SBF and his accomplices suffer and rot.

Regardless of whether you are pro- or anti- crypto, the collapse of FTX, SBF's bubble bursting in a rather extreme fashion, and now this hack are more nails in the coffin for mainstream support.

I am no fan of crypto myself, but it's interesting to think what would have to happen for crypto to burnish its image.

Would key people have to voluntarily form some sort of coordinating council and self-regulate? Would they have to invite governments to regulate them better? Whatever the solution is, I'd be highly surprised if it could be done algorithmically and reassure anyone.

This is additionally a reminder that crypto currently holds a fairly irreconcilable catch-22.

"Freezeable" tokens completely defeat the purpose of a decentralized currency. Why create nodes/verifiers etc if a wallet can be unilaterally frozen, either under pressure from gov't, community, or another entity.

However NOT allowing freezeability allows for massive hacks, either by insiders, poor security, or sloppiness.

Seems the solve is somewhere in the middle, a pool of trusted intermediaries.

Surely it's not a coincidence that on the day FTX announces bankruptcy, this gigantic hack occurs?

Some folks in this thread are speculating this might've been an inside job.

I suspect, it's likelier that hackers had been aware of a vulnerability for some time, had a plan to drain these funds, but decided to hasten the timeline on the basis of the news FTX was going under.

So, let’s assume that this hack is not meant to preserve money, but to destroy evidence. If you spread a lot of s** around and overwrite all this stuff with malware, does it create plausible deniability?

"I was initially a crypto skeptic, but after studying some of the more interesting crypto projects, I have come to believe that crypto can enable the formation of useful businesses and technologies that heretofore could not be created."

The telephone, the internet, and crypto share one thing in common. Each technology improves on the next in terms of its ability to facilitate fraud.

As such, I was initially a crypto skeptic, but after studying some of the more interesting crypto projects, I have come to - Bill Ackman (@BillAckman) November 20,

Fraud. This is why banking regulation is important, almost all banking laws on the books exists because someone got screwed.

FTX General Counsel confirmed unauthorized transactions: https://twitter.com/_ryne_miller/status/1591326796305530880?...

This is absolutely wild and unprecedented. Imagine being a victim of Madoff's ponzi and - after already being traumatized by the unveiling of the fraud - discovering that the rest of the money had been stolen.

Madoff's ponzi was larger, but the recovery rate was 88%. It looks like customers who didn't withdraw in time will end up with 0%.

There's no way this is a coincidence. This is undoubtedly people who work(ed) at the company and were trusted with private keys trying to get away with some money while they can.

What I don't get (well I do, lobbying and inside deals), is why these guys have run so long (especially Tether). Just because crypto is a 'decentralised' wild west opposed to government shouldn't mean they sit outside of the laws around fraud, laundering and deception, especially if they're registered companies.

The lack of legal focus, given the obvious illegitimacy of it all is disgraceful and I can't even imagine the size of the wealth transfer happening through all this.