FTX: The Heist That Almost Broke the Crypto Exchange

WIRED: Uncovering the "Suspicious Hack" on the Day FTX Went Bankrupt

Investigating the hack on the day of FTX's bankruptcy

Last year on November 11th, FTX employees had the worst day in the company’s short history. Just 10 months prior, this up-and-coming cryptocurrency exchange was on the brink of bankruptcy. It seemed like FTX had hit rock bottom, with no means to repay its debts. But little did they know, things were about to get even worse.

In the midst of their turmoil, a group of thieves, still unidentified, chose that exact moment to strike. Tired and beaten down, FTX employees watched in real-time as billions of dollars’ worth of cryptocurrency mysteriously flowed out of their wallets on Etherscan.

“Can you believe it? After everything we’ve been through, we’re getting hacked?” said a former FTX employee, who wished to remain anonymous.

According to FTX’s own records, the company would eventually lose between $415 million and $432 million to these unknown thieves. What FTX didn’t disclose previously was how close it came to potentially losing even more. In a frantic effort, FTX employees and external consultants swiftly moved over $1 billion worth of cryptocurrency to safer storage, fearing it would otherwise be stolen. They even raced to send nearly $500 million to an advisor’s office on a physical USB drive, ensuring it wouldn’t fall into the hands of the thieves.

With the trial of FTX’s dubious founder, Sam Bankman-Fried, in its second week, the crypto community eagerly awaits any clues about how the exchange was so devastatingly looted just hours after he left its control. The identity of the thief – whether it was an inside job or an external hacker – remains a critical question. While Bankman-Fried and other senior FTX executives have not been charged in connection with the theft, the investigation continues.

However, WIRED can now divulge the efforts FTX made on that fateful night to limit the damage caused by the heist and prevent a potentially billion-dollar loss. Under the leadership of new CEO John Ray III, the restructured FTX team has declined to comment on the incident. But through detailed invoices filed by Alvarez & Marsal, the firm overseeing the FTX bankruptcy case, interviews with individuals involved in the immediate response, and blockchain analysis from crypto tracing company Elliptic, WIRED was able to uncover the hour-by-hour details of the crisis management.

It all began around 10pm on November 11th, when Zach Dexter, CEO of FTX subsidiary LedgerX, sent a Google Meet invitation to over 20 remaining FTX employees, bankruptcy lawyers, advisors, and consultants, with the subject line “Emergency”. The few employees who joined the video call witnessed, in real-time on Etherscan, FTX wallets being emptied. But the location and management of those wallets, including the keys controlling them, were only known by a small group of FTX elites, led by Bankman-Fried and his inner circle. While Bankman-Fried himself never appeared in the meeting, FTX co-founder and CTO Gary Wang did join the conversation.

By that point, Wang had lost the trust of many people close to Ray. He had initially sided with Bankman-Fried during FTX’s collapse, and it took several days of persuasion from other employees for him to distance himself from the former CEO. During the emergency meeting, Wang initially proposed a simple solution: change the keys protecting the wallets being drained. The suggestion won no support from his critics. Former FTX employees remembered feeling that it would be pointless, since anyone with network access could simply grab the new keys and continue the theft. “The fox was already in the henhouse, why change the keys to the henhouse?” one former employee thought at the time. Wang later pleaded guilty to similar criminal charges faced by Bankman-Fried and did not respond to requests for comment sent to his lawyers.

Meanwhile, during the Google Meet call, LedgerX’s Dexter began exploring a different approach to safeguard FTX’s funds. The week before the theft, he had negotiated with crypto custodian company BitGo to take over the company’s remaining cryptocurrency assets, pending regulatory approval. Dexter now called BitGo to bypass the long legal process initiated with Sullivan & Cromwell, the law firm handling the FTX bankruptcy. Instead, Dexter asked BitGo to immediately create “cold storage” wallets – wallets securely kept offline – to which FTX could move all its remaining funds as a safe haven. Dexter did not respond to requests for comment.

BitGo reported that these wallets could be ready in around half an hour. FTX employees feared it was still too slow. By then, the thieves could have taken off with hundreds of millions more from the company’s wallets. During the Google Meet call, someone asked if anyone had their own hardware wallet to temporarily hold the funds until BitGo was ready. Kumanan Ramanathan, an advisor from Alvarez & Marsal, joined the call from his home office in the suburbs of New York and volunteered to help. He had a Ledger Nano – a USB hardware wallet – at his home office and suggested using it as a temporary safe haven for the at-risk funds.

At around 10:30 pm Eastern Time on November 11th, Ramanathan set up a new wallet on his Ledger Nano. Former FTX employees remembered watching as he checked and rechecked the password he created for the wallet. Wang began sending FTX’s funds to this wallet, and soon, Ramanathan held between $400 million and $500 million worth of the company’s cryptocurrency assets on his USB drive in his Westchester County home.

Just minutes later, BitGo informed FTX employees that their wallets were ready, and they began transferring hundreds of millions more in cryptocurrency to BitGo’s cold storage instead of Ramanathan’s Ledger device. Throughout the rest of that sleepless night, employees scoured every wallet where FTX funds were stored and moved every coin they could find to BitGo. “They were cleaning up various systems, trying to find where various private keys were, where assets were stored,” said another individual involved in the response, who spoke without authorization. “It was chaos.”

As FTX employees focused on getting approval from management to transfer these potentially compromised funds, Ramanathan was left holding the cryptocurrency that Wang initially sent to his Ledger wallet. It created a bizarre situation where an individual effectively possessed around $500 million worth of assets belonging to FTX, presenting unique legal and security risks. That night, FTX’s General Counsel Ryne Miller rushed to Ramanathan’s home to help secure it. Neither Miller nor Ramanathan responded to requests for comment.

At around 10:59 pm, Ramanathan made a 911 call, reporting the ongoing theft and explaining that he was in possession of a substantial amount of the stolen funds, requesting police assistance to protect it. After all, no one knew at the time (or knows now) who had stolen the other funds and whether they might try to physically access the reserves Ramanathan held. A police report obtained by WIRED from the New Rochelle Police Department shows that Ramanathan told the 911 dispatcher, “There’s a massive cryptocurrency attack going on currently, and a lot of money has been sent to this address,” and he “feared the house would become a target.”

Even after the police arrived, FTX’s General Counsel Miller remained at Ramanathan’s home for most of the night. Time logs from Ramanathan’s billing records show that he and Miller spent nearly three and a half hours together in his home from around 2 am on November 12th until 5 am.

Ramanathan and his home were never physically threatened. In fact, when the funds were moved to Ramanathan’s Ledger wallet, the theft from FTX came to a halt. “He took a huge personal risk with his own Ledger,” said a former FTX employee. “He was really badass. I strongly feel that if we didn’t have that Ledger, we would’ve lost a lot more money.” Eventually, on the early morning of Saturday, November 12th, around 5 am, the funds in Ramanathan’s home office were transferred to BitGo. The company would go on to hold the remaining FTX funds, totaling $1.1 billion.

Later that Saturday, Bankman-Fried and Wang moved over $400 million in funds to an account controlled by the Bahamian government, which was reported by Forbes and documented in court filings. At one point, the action of moving the funds to the Bahamas was mistaken for the theft itself. A week after the theft, some media outlets inaccurately reported that the stolen funds had been seized by the Bahamian government. As counter-evidence, crypto tracking companies such as Elliptic and Chainalysis observed a portion of the actual stolen funds being sent to “mixing” services commonly used for money laundering, such as Railgun and cross-chain coin exchange service THORChain, typical behavior for thieves carrying out large-scale crypto heists.

Since that desperate rescue operation on November 11th, the new team responsible for FTX’s bankruptcy case has publicly decried the serious security flaws that allowed the theft to occur.

A report released in April as part of the FTX bankruptcy proceedings listed examples of this so-called negligence, including the lack of an independent chief information security officer or an actual dedicated security team. Despite publicly stating that only up to 10% of its cryptocurrency was stored in hot wallets (wallets connected to the internet), FTX kept almost all its cryptocurrency in hot wallets. It either left wallet keys unencrypted or failed to properly set up secure systems that required multiple keys to unlock funds. It also lacked a logging system that could show who moved funds and when, among other issues.

The report also described the complex situation faced by the new FTX team on November 11th, their first day in charge, as they took over a network that was already severely broken down. “Because the FTX group lacked effective controls over cryptocurrency assets, Debtors faced a credible threat of losing billions of dollars of additional assets at any moment,” the report wrote, using “Debtors” to describe the new FTX management led by Ray. “Forced to identify and access the cryptocurrency assets without a roadmap to guide them, the Debtors had to design the path to transfer many identified types of assets to cold wallets.”

Given this apparent security and organizational chaos, it’s perhaps not surprising that FTX became the target of one of the most costly cryptocurrency thefts in history. But if it weren’t for the swift decisions made amidst the chaos, the situation could have been much worse.

“It was a really, really crazy night,” said a former FTX employee. “We worked through it, got the job done, and saved a ton of money for our customers.”


Hey there, digital asset investors! Can you believe the heist that almost broke FTX? It had all the drama of a Hollywood blockbuster, with suspense, chaos, and even a hero in the form of Kumanan Ramanathan, the man who risked it all to protect FTX’s funds!

Just picture this: FTX, once on the verge of bankruptcy, is hit with a billion-dollar cryptocurrency heist. The thieves strike at the worst possible moment, leaving FTX employees stunned and desperate. But let’s not forget Tom Cruise’s dramatic entrance (or lack thereof) in this real-life Mission: Impossible. Yes, Bankman-Fried himself was nowhere to be seen, but his partner-in-crime Gary Wang stepped up to confront the crisis. Unfortunately, his idea of simply changing the keys to stop the theft didn’t fly with the critics. “Why change the keys to the henhouse when the fox is already inside?” they scoffed. Ultimately, Wang would pay the price for his misguided loyalty.

But fear not, for a hero emerges from the darkness! Kumanan Ramanathan, armed with his trusty Ledger Nano, bravely offers his wallet as a temporary safe haven for FTX’s digital treasure. With nerves of steel, he undergoes a nail-biting password check, ensuring that the funds remain secure. In a daring move, he becomes the guardian of half a billion dollars, protecting it from the encroaching thieves.

And let’s not forget Ryne Miller, the unsung hero of the night, who rushed to Ramanathan’s aid to fortify the defenses. Together, they stood against the tides of chaos, their bravery shining through. But alas, the night was not without its scares, as Ramanathan had to call 911 to report the ongoing theft and protect his home from potential physical intrusion.

In the end, FTX’s crucial funds found refuge in the safe harbor of BitGo, sparing the company from even greater losses. Bankman-Fried and Wang, ever the duo, moved millions to the Bahamian government-controlled account, proving that even in the midst of chaos, they were still two steps ahead of the game.

So, dear investors, rejoice! Despite the darkness that loomed over FTX, a glimmer of hope emerged, cleansing the company of its troubled past. Lessons were learned, heroes emerged, and the crypto community prevailed. Remember, even in the face of adversity, there’s always a way to turn the tide. Keep your assets safe, and stay vigilant in this ever-evolving digital landscape!

Now tell me, dear readers, what are your thoughts on this epic heist and the heroes who fought to protect FTX’s funds? Join the discussion below!
