More than $600 million in crypto left bankrupt crypto company FTX’s wallets late Friday, with little clear explanation as to why.
Soon afterwards, FTX stated in its official Telegram channel that it had been hacked, instructing users not to install any new upgrades and to delete all FTX apps.
“FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don’t go on FTX site as it might download Trojans,” wrote an account administrator in the FTX Support Telegram chat. The message was pinned by FTX General Counsel Ryne Miller.
According to on-chain data, various Ethereum tokens, as well as Solana and Binance Smart Chain tokens have exited FTX’s official wallets and moved to decentralized exchanges like 1inch. Both FTX and FTX US appear to be affected.
Miller tweeted earlier in the evening that he was “investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges.”
The transfers, which have not been addressed officially by FTX leadership, come on the same day that the firm officially filed for Chapter 11 bankruptcy protection after apparently losing billions of dollars in user funds.
Read more: Bankman-Fried’s Cabal of Roommates in the Bahamas Ran His Crypto Empire – and Dated. Other Employees Have Lots of Questions
Many FTX wallet holders are also reporting that they are seeing $0 balances in their FTX.com and FTX US wallets. FTX’s API appears to be down, which could account for this.
On Twitter, members of the cryptocurrency community quickly began to speculate that the outflows could have been coordinated by a member of Bankman-Fried’s inner circle, pointing out that the simultaneous and sophisticated hacks of FTX and FTX US are indicative of a potential inside job. Twitter sleuth ZachXBT tweeted Friday night that “multiple former FTX employees confirmed to me that they do not recognize these transfers.”
As the FTX wallet address became publicly known, trolls with names like “cumsock.eth” and “downsyndromemonkey.eth” sent small sums of currency to the exchange, causing confusion among some observers, though these transactions appear to have been red herrings disconnected from the attack.
By midnight eastern time, FTX’s login portal was unavailable (the site is still online) giving users a 503 error when they attempted to log in. A 503 error happens when the server is unavailable, commonly because it’s down for maintenance or unavailable for access.