FTX: The Heist That Almost Broke the Crypto Exchange

WIRED: Uncovering the “Mysterious Hack” on the Day FTX Went Bankrupt

Investigating the hack on the day of FTX’s bankruptcy

Last year on November 11th, FTX employees had the worst day in the company’s short history. Just 10 months prior, this up-and-coming cryptocurrency exchange was on the brink of bankruptcy. It seemed like FTX had hit rock bottom, with no means to repay its debts. But little did they know, things were about to get even worse.

In the midst of their turmoil, a group of thieves, still unidentified, chose that exact moment to strike. Tired and beaten down, FTX employees watched in real-time as billions of dollars’ worth of cryptocurrency mysteriously flowed out of their wallets on Etherscan.

“Can you believe it? After everything we’ve been through, we’re getting hacked?” said a former FTX employee, who wished to remain anonymous.

According to FTX’s own records, the company would eventually lose between $415 million and $432 million to these unknown thieves. What FTX didn’t previously disclose was how close it came to losing even more. In a frantic effort, FTX employees and external consultants swiftly moved over $1 billion worth of cryptocurrency to safer storage, fearing it would be stolen. They even raced to send nearly $500 million to an advisor’s office on a physical USB drive, ensuring it wouldn’t fall into the hands of the thieves.

With the trial of FTX’s dubious founder, Sam Bankman-Fried, in its second week, the crypto community eagerly awaits any clues about how the exchange was so devastatingly looted just hours after he left its control. The identity of the thief – whether it was an inside job or an external hacker – remains a critical question. While Bankman-Fried and other senior FTX executives have not been charged in connection with the theft, the investigation continues.

However, WIRED can now divulge the efforts FTX made on that fateful night to limit the damage caused by the heist and prevent a potentially billion-dollar loss. Under the leadership of new CEO John Ray III, the restructured FTX team has declined to comment on the incident. But through detailed invoices filed by Alvarez & Marsal, the firm overseeing the FTX bankruptcy case, interviews with individuals involved in the immediate response, and blockchain analysis from crypto tracing company Elliptic, WIRED was able to uncover the hour-by-hour details of the crisis management.

It all began around 10pm on November 11th, when Zach Dexter, CEO of FTX subsidiary LedgerX, sent a Google Meet invitation to over 20 remaining FTX employees, bankruptcy lawyers, advisors, and consultants, with the subject line “Emergency”. The few employees who joined the video call witnessed, in real-time on Etherscan, FTX wallets being emptied. But the location and management of those wallets, including the keys controlling them, were only known by a small group of FTX elites, led by Bankman-Fried and his inner circle. While Bankman-Fried himself never appeared in the meeting, FTX co-founder and CTO Gary Wang did join the conversation.

By that point, Wang had lost the trust of many people close to Ray. He had initially sided with Bankman-Fried during FTX’s collapse, and it took several days of persuasion from other employees for him to distance himself from the former CEO. During the emergency meeting, Wang initially proposed a simple solution: change the keys protecting the wallets being drained. This suggestion won no support from his critics. Former FTX employees remembered feeling that it would be pointless, since anyone with network access could simply grab the new keys and continue the theft. “The fox was already in the henhouse, why change the keys to the henhouse?” one former employee thought at the time. Wang later pleaded guilty to criminal charges similar to those faced by Bankman-Fried and did not respond to requests for comment sent to his lawyers.

Meanwhile, during the Google Meet call, LedgerX’s Dexter began exploring a different approach to safeguard FTX’s funds. Having negotiated with crypto custodian company BitGo the week before the theft to take over the remaining cryptocurrency assets of the company, pending regulatory approval, Dexter called BitGo to bypass the long legal process initiated with Sullivan & Cromwell, the law firm handling the FTX bankruptcy. Instead, Dexter requested BitGo to immediately create “cold storage” wallets – wallets securely kept offline – to which FTX could move all its remaining funds as a safe haven. Dexter did not respond to requests for comment.

BitGo reported that these wallets could be ready in around half an hour. FTX employees feared that was still too slow. By then, the thieves could have taken off with hundreds of millions more from the company’s wallets. During the Google Meet call, someone asked if anyone had their own hardware wallet to temporarily hold the funds until BitGo was ready. Kumanan Ramanathan, an advisor from Alvarez & Marsal, joined the call from his home office in the suburbs of New York and volunteered to help. He had a Ledger Nano – a USB hardware wallet – at his home office and suggested using it as a temporary safe haven for the at-risk funds.

At around 10:30 pm Eastern Time on November 11th, Ramanathan set up a new wallet on his Ledger Nano. Former FTX employees remembered watching as he checked and rechecked the password he created for the wallet. Wang began sending FTX’s funds to this wallet, and soon, Ramanathan held between $400 million and $500 million worth of the company’s cryptocurrency assets on his USB drive in his Westchester County home.

Just minutes later, BitGo informed FTX employees that their wallets were ready, and they began transferring hundreds of millions more in cryptocurrency to BitGo’s cold storage instead of Ramanathan’s Ledger device. Throughout the rest of that sleepless night, employees scoured every wallet where FTX funds were stored and moved every coin they could find to BitGo. “They were cleaning up various systems, trying to find where various private keys were, where assets were stored,” said another individual involved in the response, who spoke without authorization. “It was chaos.”

As FTX employees focused on getting approval from management to transfer these potentially compromised funds, Ramanathan was left holding the cryptocurrency that Wang initially sent to his Ledger wallet. It created a bizarre situation where an individual effectively possessed around $500 million worth of assets belonging to FTX, presenting unique legal and security risks. That night, FTX’s General Counsel Ryne Miller rushed to Ramanathan’s home to help secure it. Neither Miller nor Ramanathan responded to requests for comment.

At around 10:59 pm, Ramanathan made a 911 call, reporting the ongoing theft and explaining that he was in possession of a substantial amount of the stolen funds, requesting police assistance to protect it. After all, no one knew at the time (or knows now) who had stolen the other funds and whether they might try to physically access the reserves Ramanathan held. A police report obtained by WIRED from the New Rochelle Police Department shows that Ramanathan told the 911 dispatcher, “There’s a massive cryptocurrency attack going on currently, and a lot of money has been sent to this address,” and he “feared the house would become a target.”

Even after the police arrived, FTX’s General Counsel Miller remained at Ramanathan’s home for most of the night. Time logs from Ramanathan’s billing records show that he and Miller spent nearly three and a half hours together in his home from around 2 am on November 12th until 5 am.

Ramanathan and his home were never physically threatened. In fact, when the funds were moved to Ramanathan’s Ledger wallet, the theft from FTX came to a halt. “He took a huge personal risk with his own Ledger,” said a former FTX employee. “He was really badass. I strongly feel that if we didn’t have that Ledger, we would’ve lost a lot more money.” Eventually, on the early morning of Saturday, November 12th, around 5 am, the funds in Ramanathan’s home office were transferred to BitGo. The company would go on to hold the remaining FTX funds, totaling $1.1 billion.

Later that Saturday, Bankman-Fried and Wang moved over $400 million in funds to an account controlled by the Bahamian government, which was reported by Forbes and documented in court filings. At one point, the action of moving the funds to the Bahamas was mistaken for the theft itself. A week after the theft, some media outlets inaccurately reported that the stolen funds had been seized by the Bahamian government. As counter-evidence, crypto tracking companies such as Elliptic and Chainalysis observed a portion of the actual stolen funds being sent to “mixing” services commonly used for money laundering, such as Railgun and cross-chain coin exchange service THORChain, typical behavior for thieves carrying out large-scale crypto heists.

Since that desperate rescue operation on November 11th, the new team responsible for FTX’s bankruptcy case has publicly decried the serious security flaws that allowed the theft to occur.

A report released in April as part of the FTX bankruptcy proceedings listed examples of this so-called negligence, including the lack of an independent chief information security officer or an actual dedicated security team. Despite publicly stating that only up to 10% of its cryptocurrency was stored in hot wallets (wallets connected to the internet), FTX kept almost all its cryptocurrency in hot wallets. It either left wallet keys unencrypted or failed to properly set up secure systems that required multiple keys to unlock funds. It also lacked even a logging system to record who moved funds and when, among other issues.

The report also described the complex situation faced by the new FTX team on November 11th, their first day in charge, as they took over a network that was already severely broken down. “Because the FTX group lacked effective controls over cryptocurrency assets, Debtors faced a credible threat of losing billions of dollars of additional assets at any moment,” the report wrote, using “Debtors” to describe the new FTX management led by Ray. “Forced to identify and access the cryptocurrency assets without a roadmap to guide them, the Debtors had to design the path to transfer many identified types of assets to cold wallets.”

Given this apparent security and organizational chaos, it’s perhaps not surprising that FTX became the target of one of the most costly cryptocurrency thefts in history. But if it weren’t for the swift decisions made amidst the chaos, the situation could have been much worse.

“It was a really, really crazy night,” said a former FTX employee. “We worked through it, got the job done, and saved a ton of money for our customers.”


Hey there, digital asset investors! Can you believe the heist that almost broke FTX? It had all the drama of a Hollywood blockbuster, with suspense, chaos, and even a hero in the form of Kumanan Ramanathan, the man who risked it all to protect FTX’s funds!

Just picture this: FTX, once on the verge of bankruptcy, is hit with a billion-dollar cryptocurrency heist. The thieves strike at the worst possible moment, leaving FTX employees stunned and desperate. But let’s not forget Tom Cruise’s dramatic entrance (or lack thereof) in this real-life Mission: Impossible. Yes, Bankman-Fried himself was nowhere to be seen, but his partner-in-crime Gary Wang stepped up to confront the crisis. Unfortunately, his idea of simply changing the keys to stop the theft didn’t fly with the critics. “Why change the keys to the henhouse when the fox is already inside?” they scoffed. Ultimately, Wang would pay the price for his misguided loyalty.

But fear not, for a hero emerges from the darkness! Kumanan Ramanathan, armed with his trusty Ledger Nano, bravely offers his wallet as a temporary safe haven for FTX’s digital treasure. With nerves of steel, he undergoes a nail-biting password check, ensuring that the funds remain secure. In a daring move, he becomes the guardian of half a billion dollars, protecting it from the encroaching thieves.

And let’s not forget Ryne Miller, the unsung hero of the night, who rushed to Ramanathan’s aid to fortify the defenses. Together, they stood against the tides of chaos, their bravery shining through. But alas, the night was not without its scares, as Ramanathan had to call 911 to report the ongoing theft and protect his home from potential physical intrusion.

In the end, FTX’s crucial funds found refuge in the safe harbor of BitGo, sparing the company from even greater losses. Bankman-Fried and Wang, ever the duo, moved millions to the Bahamian government-controlled account, proving that even in the midst of chaos, they were still two steps ahead of the game.

So, dear investors, rejoice! Despite the darkness that loomed over FTX, a glimmer of hope emerged, cleansing the company of its troubled past. Lessons were learned, heroes emerged, and the crypto community prevailed. Remember, even in the face of adversity, there’s always a way to turn the tide. Keep your assets safe, and stay vigilant in this ever-evolving digital landscape!

Now tell me, dear readers, what are your thoughts on this epic heist and the heroes who fought to protect FTX’s funds? Join the discussion below!
