The total funds stolen appear to be around $4.17 million, according to analysis by SlowMist.
Tokensoft intentionally publishes personal data of around 5,000 users who they believe are "bad actors"
Several users replied to the message in shock that their data was exposed, saying they'd never done anything wrong. The Tokensoft employee replied, "If you made it on the naughty list...yes, shame on you....I shared your info, better luck next time".
The project later deleted the link from the Discord server, then tried to claim that it had never been posted at all, then issued a statement that "information was mistakenly posted in Tokensoft's social media channels".
Bahamas Securities Commission issues statement that they didn't instruct FTX to process withdrawals for Bahamian customers
This contradicted FTX's previous statement that "Per our Bahamian HQ's regulation and regulators, we have begun to facilitate withdrawals of Bahamian funds." The announcement that they would be processing withdrawals for Bahamian customers led to a slew of non-Bahamian customers trying to find ways to withdraw their funds via bribes and shady NFT deals.
Some have viewed FTX's choice to enable Bahamian withdrawals as evidence that they were trying to allow FTX employees and family members to get access to their funds on the exchange, even when most customers had no such access.
Crypto.com CEO admits company accidentally sent 320,000 ETH ($416 million) to another crypto exchange a few weeks prior
Crypto.com's CEO, Kris Marszalek, replied: "It was supposed to be a move to a new cold storage address, but was sent to a whitelisted external exchange address. We worked with Gate team and the funds were subsequently returned to our cold storage." He later clarified that all of the funds were returned.
Twitter users, reasonably, reacted in horror at the revelation that the platform had accidentally sent such a substantial portion of their funds elsewhere in a careless mistake, and that such a monumental mistake was even possible. They were lucky that they erroneously sent the funds to another exchange, and one who agreed to return the funds.
This is not the first time Crypto.com has erroneously transferred funds; in August of this year, they sued a woman to whom they'd accidentally sent $7.2 million that wasn't hers.
An FTX account administrator wrote on the FTX support Telegram, "FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go on FTX site as it might download Trojans". The message was pinned by FTX General Counsel Ryne Miller.
Miller later wrote on Twitter, "Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges - unclear facts as other movements not clear. Will share more info as soon as we have it."
A Telegram admin subsequently wrote, "Not all hope is lost. Engineers have managed to retrieve substantial amount of funds," but no details were provided beyond that. A later announcement by Miller claimed that FTX had "initiated precautionary steps to move all digital assets to cold storage", suggesting some of the transfers may have been a part of that effort.
Many speculated that the so-called hack had been coordinated by insiders.
FTX announced that it had filed for Chapter 11 bankruptcy in the United States. Sam Bankman-Fried resigned as CEO.
SBF had spoken about trying to raise additional funds. In leaked Slack messages, he had allegedly written that "One could maybe say, if they wanted to be optimistic, that we have a lot theoretically in and/or potentially for the raise". No one was actually saying this.
Analysis by the crypto security firm SlowMist attributed the theft to a compromise of Shen's seed phrase. Shen had been using the Trust Wallet software, though the theft does not appear to be related to security issues with the wallet software.
"Any FTX employees willing to change my accounts country of residence to Bahamas to facilitate withdrawal I am offering $1 million and unlimited legal fees", wrote one trader (who later claimed to be joking).
A popular crypto Twitter user named "Algod" offered $100,000 to any FTX employee who would process their KYC documents, allowing them to withdraw. He was subsequently seen to be successfully withdrawing over $2 million in assets from the platform. He also shared links to a Telegram group where his partner was offering to buy people's FTX accounts for 10¢ on the dollar, from customers who feared they may never see the money again, or would only regain access to a fraction of it after years of court proceedings. Algod later denied "erroneous and defamatory statements" that he'd bought discounted claims/assets", admitting that he'd considered it, but claiming he ultimately decided not to.
Some observers noticed over $21 million withdrawn via NFT trades, that appeared to be being used as a way to bypass the internal blocks on users transferring balances to one another. People with funds locked in FTX bought NFTs from Bahamas-based users, spending their full account balance on the NFT and thus enabling the Bahamian user to then withdraw the funds. "This appears to be the first recorded case of NFT utility in existence 👍", wrote Cobie.
The announcement went on to say, "The Commission is aware of public statements suggesting that clients' assets were mishandled, mismanaged and/or transferred to Alameda Research. Based on the Commission's information, any such actions would have been contrary to normal governance, without client consent and potentially unlawful."
- Media release by the Securities Commission of the Bahamas