FTX Hacked: Hacker Identity Revealed by Kraken

FTX Advises Users to Delete App and Avoid Website

On the same day FTX, FTX US, and Alameda Research filed for bankruptcy, more than $600 million was reportedly drained from the cryptocurrency exchange. Many FTX users reported that their wallet balance showed $0. Shortly afterwards, FTX officials confirmed on Telegram that a hack was ongoing, warning all users to delete the app and avoid visiting the website due to a possible malware attack.

Source: FTX_Official (Telegram)


Tether Blacklists Stolen USDT of the FTX Hack

A sizeable portion of the stolen funds was held in USDT. After FTX’s announcement, Tether immediately blacklisted $31.4 million worth of USDT linked to the transactions. According to ZachXBT, a blockchain investigator widely trusted by the DeFi community, the blacklisted USDT consisted of $3.9 million USDT on Avalanche and $27.5 million USDT on Solana.

With the stolen USDT blacklisted, the hackers will not be able to move it to other accounts or exchange it for other crypto. To compensate victims of the hack, Tether will burn the blacklisted USDT and reissue equal amounts of tokens to the original owner(s).

FTX Hack Speculated to be an Inside Job

Suspicions circulated on Twitter that the “hack” was a smokescreen for FTX insiders (possibly Sam Bankman-Fried himself) to run off with the funds. The timing was seen as too much of a coincidence for this to be an external attacker taking advantage of the situation.

A former senior FTX employee, quoted by Autism Capital, believed that it was impossible for someone outside of FTX to have so much root access so quickly, suggesting an inside job is highly likely. To corroborate this, FTX CTO Gary Wang was seen making major changes to FTX’s GitHub code, which implies that the “hack” originated there.

Dyma Budorin, co-founder and CEO of Hacken, also concurred that it was an inside job, albeit one carried out by an inexperienced and sloppy “hacker”.

Kraken Reveals Hacker Identity to be FTX Insider

The crypto community kept a close eye on the movement of the stolen funds, and discovered that one of the wallet addresses was linked to the Kraken exchange, where the hacker offloaded funds to a Tron wallet. This was a huge blunder for the hacker, as Kraken holds know-your-customer (KYC) information for all registered accounts, allowing it to track down the wallet user.

As a result, Kraken CSO Nick Percoco announced on Twitter that they know the identity of the hacker and are assisting law enforcement agencies with the investigation. Percoco later confirmed that the wallet indeed belongs to a verified account registered by FTX. Sam Bankman-Fried and FTX will be making a public statement regarding this issue.

To follow up on the investigation, Kraken has frozen accounts associated with the FTX Group and Alameda Research. Kraken gave assurances that it maintains full reserves and that other Kraken clients are not affected.