FTX Hacked for at Least $650M in Mega-Heist Friday Night

Hackers drained hundreds of millions of dollars from insolvent crypto exchange FTX Friday night, just hours after it declared bankruptcy, in one of the largest heists in crypto history. 

There are five known wallet addresses involved in the exploit. One hacker made off with about $450M in cryptocurrencies, according to crypto sleuth ZachXBT, while about $200M went to another pair of wallets. The total amount drained from the failed exchange is at least $650M, according to estimates from ZachXBT.

“Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges – unclear facts as other movements not clear,” Ryne Miller, the company’s general counsel said in a tweet late Friday evening New York time, in a post that was retweeted by FTX’s Twitter account. 

FTX CEO John Ray, who took over Friday after Bankman-Fried announced his resignation, said in a statement the company was coordinating with law enforcement and regulators.

“Among other things, we are in the process of removing trading and withdrawal functionality and moving as many digital assets as can be identified to a new cold wallet custodian,” he said. “As widely reported, unauthorized access to certain assets has occurred.” 

Ray did not confirm how much had been stolen or recovered.

“Unauthorized Transactions”

At least part of the funds were drained by FTX itself, as it prepared for bankruptcy proceedings. The exchange accelerated the process after the hack started, Miller said.

“FTX US and FTX [dot] com initiated precautionary steps to move all digital assets to cold storage,” Miller said in a tweet. “Process was expedited this evening – to mitigate damage upon observing unauthorized transactions.”

The hack marks a shocking end to a disastrous week, when Sam Bankman-Fried’s crypto empire unraveled. Last week news broke that about 40% of assets at Bankman-Fried’s hedge fund Alameda Research were in FTX’s own token FTT, and that the exchange had been lending Alameda billions in customer funds. The reports led to billions of dollars in customer withdrawals, a 90% plunge in FTT, and finally, the filing for chapter 11 bankruptcy Friday.

Customer Accounts Drained

FTX customers who had their hands tied as withdrawals had been halted (except from Bahamas citizens, where the exchange is based), reported seeing their accounts slashed to $0 as the hack progressed.

Speculation is still spinning as to who might be responsible for the exploit. Saturday morning, the chief security officer at Kraken, Nick Percoco, said the exchange knew one of the hacker’s identities. Some of the crypto was deposited to Kraken, a competing exchange.

Some security researchers, including Dyma Budorin, the CEO of, have posited the hack was an inside job, the work of an FTX employee with little experience moving money across blockchains. 

A more experienced hacked would have drained and moved money more quickly and would have avoided crypto exchanges with know-your-customer rules, Budorin said

FTX App Compromised

As the chaotic hack unfolded and on-chain observers scrambled to track the flow of money, an administrator in FTX’s Telegram chat warned followers to delete their FTX mobile applications and avoid the FTX website, as both had been hacked and could inject malware to users’ devices. 

A pair of the wallets on the receiving end of hacked funds were labeled “fucksbf” and “fuckftxandsbf.eth.” The hack drew the attention of Twitter CEO Elon Musk, who wrote, “FTX meltdown/ransack being tracked in real-time on Twitter.”