A Wired report revealed new details about the November 2022 FTX hack, which happened hours after the now-defunct exchange filed for bankruptcy.
The report alleges that a Ledger Nano personally owned by Kumanan Ramanathan — an advisor to FTX from Alvarez & Marsal — was used to hold roughly $400 to $500 million as FTX employees desperately tried to protect funds still held on the exchange.
FTX co-founder Gary Wang transferred the assets as they waited to hear back from BitGo on cold storage wallets, a solution that had been apparently devised by LedgerX’s Zach Dexter.
The $400 to $500 million allegedly held in Ramanathan’s wallet was transferred on the morning of Nov. 12 to BitGo, which would later hold around a billion dollars worth of FTX funds — or what was left, anyway.
FTX staffers allegedly spent the night of Nov. 11 tracking wallets containing FTX crypto to transfer everything they could find to BitGo’s cold wallets. There was confusion around where private keys were held, helping to create “chaos,” the report said.
The former exchange used multisig wallets to protect its assets, meaning it required multiple signatures to transfer crypto assets from the wallet.
“In the few instances in which the FTX Group even attempted to employ these controls, it misapplied them: For each wallet, the FTX Group stored together, in one place, all three private keys required to authorize a transfer such that any individual who had access to one had access to all the keys required to transfer the contents of the wallet, thus defeating the purpose of the controls,” FTX CEO John J. Ray wrote in an April court filing.
The 45-page document laid out the “control failures at the FTX exchange.”
“While crypto exchanges are notoriously targeted by hackers, the FTX Group had poor or, in some cases, no “visibility” controls to detect and respond to cybersecurity threats,” Ray continued.
When the FTX hack took place, there was confusion around whether or not the bankrupt crypto firm had actually been hacked.
However, it later became clear that roughly $500 million in digital assets from both the international and the US exchanges were stolen.
Since the attack, the wallet addresses involved were mostly dormant until last week, when the hacker began using ThorSwap, a cross-blockchain liquidity protocol, to exchange ether for bitcoin.
Blockworks reported that the attacker’s move is strange due to the chain’s trackable nature. Data editor Andrew Thurman wrote that many hackers use privacy services like Tornado Cash, or cross-chain bridges — which inadvertently act as mixers — to hide their on-chain trail.
Blockworks reported in December 2022 that Elliptic flagged $663 million worth of crypto on the move, though $180 million of that figure ended up being FTX sending funds to cold storage.
Don’t miss the next big story – join our free daily newsletter.
Follow Sam Bankman-Fried’s trial with the latest news from the courtroom.