FTX had a rough month in November 2022.  The crypto exchange declared bankruptcy due to a lack of liquidity after a deal by Binance to purchase the company fell through.  The exchange’s troubles worsened on November 11 when the company suffered a devastating hack.  The attacker managed to steal approximately $338 million from FTX wallets hours after the company’s official declaration of bankruptcy.

Inside the Attack

Hours after FTX declared bankruptcy, the exchange began investigating “unauthorized transactions” that moved $338 million in tokens out of the company’s wallets.  During the bankruptcy process, the company was moving assets to cold wallets and more secure storage options.

A post in the FTX Support Telegram channel indicated that the issue may be more significant than a loss of funds by the exchange.  An account administrator warned, “FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don’t go on FTX site as it might download Trojans.”

Lessons Learned From the Attack

Times of uncertainty often provide opportunities for cybercriminals to exploit vulnerabilities or socially engineer employees.  In the case of FTX, the chaos caused by the company’s bankruptcy proceedings gave an attacker an opening to steal $338 million and potentially deploy malware to target FTX users.

Explained: The FTX Hack (November 2022)
Rob Behnke
11.14.2022