Wallets tied to FTX and FTX US have seen $659 million in cumulative outflows over the past 24 hours, according to Nansen.
Collapsed cryptocurrency exchange FTX reportedly faced a series of unauthorized transactions over the weekend, prompting several warnings from users and analysts against interacting with its mobile app or website.
Wallets associated with FTX saw roughly $266.3 million worth of outflows on Nov. 11, according to analytics firm Nansen. FTX US, a separate entity operating in the United States, was reportedly drained of $73.4 million.
$266M has been withdrawn from FTX in the last 24 hours
$73M from FTX US pic.twitter.com/qoiroPSegq
— Nansen (@nansen_ai) November 12, 2022
The magnitude of the alleged attack appears to have intensified overnight, with net outflows from FTX and FTX US totaling $659 million, according to Nansen data journalist Martin Lee. That represents roughly one-third of the wallets’ net outflows over the past seven days.
We’ve seen over $2B in net outflows from FTX Intl and FTX US over the past 7 days
Of which $659M (33%) happened in the last 24 Hours
Somehow no congestion or long wait times when the wallet was getting mass drained pic.twitter.com/NJJcMJppSZ
— Martin Lee | Nansen (@themlpx) November 12, 2022
FTX US general counsel Ryne Miller confirmed on Nov. 12 that the transactions were unauthorized and that FTX US had moved all remaining crypto into cold storage as a precaution.
Following the Chapter 11 bankruptcy filings – FTX US and FTX [dot] com initiated precautionary steps to move all digital assets to cold storage. Process was expedited this evening – to mitigate damage upon observing unauthorized transactions.
— Ryne Miller (@_Ryne_Miller) November 12, 2022
Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges – unclear facts as other movements not clear. Will share more info as soon as we have it. @FTX_Official
— Ryne Miller (@_Ryne_Miller) November 12, 2022
A Nov. 12 blog post from blockchain forensics firm Elliptic suggests that the drain has seen various tokens on Ethereum, Binance Smart Chain and Avalanche removed. However, they said that of the $663 million drained, around $477 million is suspected to have been stolen, while the remainder is believed to be moved into secure storage by FTX themselves.
An administrator for FTX’s Telegram group confirmed that the exchange was hacked and urged users not to use the FTX website due to potential security vulnerabilities. “Don’t go on ftx site as it might download Trojans,” wrote community administrator Rey.
FTX’s meltdown and apparent security breach were documented in near real-time on Twitter, with some users claiming that FTX customers were receiving SMS messages and emails urging them to log into the app and website, which have since been infected with a Trojan.
Reports of SMS messages & emails being sent by FTX to customers to log into the app & website, which are infected with a trojan as part of the hack
FTX has millions of users. Things are about to get a LOT worse.
Please warn as many ppl as you can before it’s too late!
— Mario Nawfal (@MarioNawfal) November 12, 2022
Kraken’s chief security officer Nick Percoco later Tweeted that they were aware of the user’s identity, but did not share any more information publicly.
We know the identity of the user.
— Nick Percoco (@c7five) November 12, 2022
Related: Sam Bankman-Fried apologizes for FTX liquidity crisis: ‘I fucked up twice’
At the beginning of the week, FTX held the reigns as a top-three cryptocurrency exchange. Its monumental collapse began on Nov. 7 when Binance CEO Changpeng Zhao tweeted that his exchange would be liquidating its entire FTX Token (FTT) position amid insolvency rumors and shady business dealings with sister firm Alameda Research. The announcement prompted a bank run on FTX, from which it could not recover.
On Nov. 11, former FTX CEO Sam Bankman-Fried announced that FTX, FTX US and Alameda Research were filing for bankruptcy.
Update Nov. 12, 11:20 pm UTC: Added information from Elliptic and a Tweet from Kraken’s chief security officer claiming to know the identity of the exploiter.