Taking a Closer Look at the FTX Hack

2 min read
Ftx Hack

Over $477 million was reportedly stolen from FTX and FTX US in a suspected black hat theft.


On November 12, 2022, over $477 million was reportedly stolen from FTX and FTX US in a suspected black hat theft, while approximately $175 million is believed to have been moved into secure storage by FTX.

Introduction to FTX#

FTX is the cryptocurrency exchange, which filed for bankruptcy on November 11, 2022.

Vulnerability Assessment#

The root cause of this heist is unknown at the moment. On the FTX support channel in Telegram, one of the FTX account administrators said that FTX applications were malware and that the FTX site could download Trojans.

Ryne Miller, the General Counsel for FTX stated that FTX was looking into unusual wallet movements related to the consolidation of FTX balances across exchanges.

He further mentioned that the company took precautionary measures and moved all of its digital assets to cold storage, which meant that the cryptocurrency wallet was no longer connected to the internet.


Step 1:

One of the withdrawals to the drainer’s address revealed that approximately $26 million were swapped from Tether to DAI.

Step 2:

After exchanging USDT for DAI, the perpetrator further swapped $44 million worth of stETH for ETH.

Step 3:

The compromised assets include $278 million on Ethereum, $106 million on Solana, $89 million on BSC and $4 million on Avalanche totaling $477 million.

Step 4:

At the time of this writing, the drainer’s address holds around $314,809,774 worth of assets across multiple networks.

Step 5:

During this event, it is speculated that a portion of the funds were sent to a multisig address as part of a white-hat rescue operation.

Step 6:

On the Tron network, the alleged hacker also transferred funds to a newly created account where all FTX.US funds were also transferred.


It remains unclear whether all of the operations, including the transfer of funds, were done out by a hacker, an internal team member, or it could just be a part of the FTX's bankruptcy proceedings to relocate the funds to a safer location.

The transfers took place on the same day the company filed for Chapter 11 bankruptcy protection in the United States after misappropriating billions of dollars in user funds. At this time, online rumors have circulated that an insider may have been responsible for the event, as opposed to an outsider.

Reference Sources Elliptic, Ryne Miller