889 comments

[ 5.4 ms ] story [ 387 ms ] thread
It's been stated that FTX can access the wallets of their customers [1], I wonder if employees or other bad actors knowing the ship is sinking have decided to - forgive me for the quip - plunder any remaining assets.

1: https://www.coindesk.com/policy/2022/11/10/ftx-violated-its-...

That was my first thought. Not FTX related, but I just got another email from Coinbase reassuring me that they’re not gonna use customer funds without permission. I have in the past moved my shit out of Coinbase wallets because of doubts about that. Honestly though I just want to GTFO of crypto at this point…
"at some point, you are the greater fool"

"If you look around the table and can't see the chump, you are the chump"

> Coinbase reassuring me that they’re not gonna use customer funds without permission

"Not gonna" is wildly different from "cannot". So are you sure they physically cannot use your funds? If that's not the case, their promise is worth just the price of sending that email to you.

Get out, man. Learn investment theory. All you need is a couple of index funds and bonds. Investing isn't supposed to be exciting or make you rich quick.
> All you need is a couple of index funds and bonds.

Ah, spoken like a true middle class Boglehead.

VTI/VOO will not change your life, even after 30 years. Broad market ETFs are not worth the risk.

You’re better off doing bonds (little to no risk) or crypto (high risk, more likely for life-changing generational wealth compared, even compared to FAANG SWE TC).

> life-changing generational wealth

By that measure, the people who had their life savings in FTX (and Celsius and Luna before that) have certainly succeeded.

Investing in total-market index funds is the single best strategy for the average investor. (In fact it's so good there's a proof! [1]) If you invested $10000 in the total US market in 1992 (30 years ago) and never touched it again, your inflation-adjusted balance today would be $72452 [2]. That's an insane 7x of real growth that requires absolutely no effort on your part. Even if you did a more conservative mix of 60% stock and 40% bond (VBMFX) you would have 4.5x real growth.

[1] https://web.stanford.edu/~wfsharpe/art/active/active.htm

[2] https://www.portfoliovisualizer.com/backtest-portfolio

Does that study account for stocks that have dropped out of the index? Re-balancing fees? What about LIRP/ZIRP?
I haven't read this study but the listed returns account for index rebalancing.
Crypto is life-changing in the sense that you will probably lose all your money as (1) a complete speculation or (2) in a hack or (3) due to fraud.
Crypto isn't actually an investment in anything. It's just speculation.

With crypto you're not investing in anything that will produce a positive cash flow. Bonds and the stock market actually produce cash flow.

Why not just bet it all on red and get your life-changing generational wealth without all the drama?
And even there you can get access to options trading for quicker - and riskier - ways to make money using the traditional stock market. At least if you lose the money is not because somebody in the Bahamas decided it was time to retire earlier with your assets.
Not to argue, but just to point out, banks can also do this. It's called "bailing-in".

Banks in the US can do it, but only with the excess of accounts containing more than $250k.

They’re making Madoff look good. He semi-voluntarily* turned himself in when the jig was up, and the govt eventually recovered about 2/3rd of the money

FTX seems like it’s still trying to steal funds

*Madoff confessed to his family, said he would turn himself in, and asked for 24 hours to get affairs in order. Family refused, called FBI immediately

Madoff recovery is 88.35%. See: https://www.justice.gov/opa/pr/justice-department-announces-....

Many of Madoff's victims exaggerated their loses. If they invested $1MM at a claimed return of 15% for 6 years, they would claim they lost $2MM, not the $1MM principal.

(I just hope our Government doesn't try to bail out crypto speculators!)

Thanks! Wow even better than I recalled

To be fair there’s something to that idea. Market returns about 7% on average. Over six years that would be an opportunity cost of 50%.

But, as you say there’s got to be some loss for choosing to put one’s money with a con artist

I doubt there will be a crypto bailout as it seemingly didn’t get big enough to blow up anything outside itself. It also had an anti public relations campaign for years

I've been around the block a few times, and I've had people over the years tell me about an "investment" or a fund, or their brother-in-law who could get me 15% or more on my money. And every time I've been smart enough to say "no thanks."

I must admit, I don't have a lot of sympathy for Madoff's victims. Especially the charities! If I donate money to a charity, I'd expect the money to go to help people or to further their cause -- not to be invested in a high-risk ponzi scheme.

There was a constant drumbeat of high interest promises by these crypto companies, even the supposedly “safe” ones. And so many people thought it was a no lose proposition. E.g. 8% APR at FTX.us: https://mobile.twitter.com/ftx_app/status/141749746557453927...
Why haven’t they deleted this tweet by now?
What difference would it make?
Lol at the first comment from over a year ago: “ Make it so I can withdraw like a normal wallet and I'm in”
The irony!

> In 1992, Bernard Madoff explained his purported strategy to The Wall Street Journal. He said his returns were really nothing special, given that the Standard & Poors 500-stock index generated an average annual return of 16.3% between November 1982 and November 1992. "I would be surprised if anybody thought that matching the S&P over 10 years was anything outstanding." The majority of money managers actually trailed the S&P 500 during the 1980s.

From https://en.m.wikipedia.org/wiki/Madoff_investment_scandal

The Renaissance Medallion fund made over 30% per year, so people who had heard of that would be primed to believe that 15% was possible.
Yeah, but anyone who thinks about it realizes that a rate that high simply isn't sustainable.
>I doubt there will be a crypto bailout as it seemingly didn’t get big enough to blow up anything outside itself

If politicians wanted to make crypto bros whole, I would lose my mind. I doubt I am the only one, and I would hope that would be scene as a political death sentence to endorse such a proposition.

Some California congresspeople wanted to bail out dot-com speculators during the 2000 crash, at least of their tax oblications:

https://www.bizjournals.com/sanjose/stories/2001/07/30/daily...

(I was opposed to this. I purposely didn't exercise stock options that I couldn't or wouldn't sell immediately because I knew about the tax liability. I don't believe the defense that someone who wants to speculate in stock options just didn't know about the taxes. People who wish to speculate with complicated forms of investors should be prepared to take all the risk.)

They also recovered money by clawing back returns that investors made in the years leading up to the scandal finale.
I honestly don't understand why any speculators get bailed out ever. They're in it for above-market profits, how is it that they don't have to accept the risk?
Madoff's victims weren't bailed out with Government money, they recovered assets from Madoff. (It was with Government effort though, including "clawing back" money from other Madoff customers who had actual gains!)
Then it's not a bailout, it's asset recovery. That's fine with me - somebody rips you off, take them to court like everybody else has to.
Perhaps there's some effective altruist argument for why this is best for the world. Trying to make the Ponzi lesson stick or something.
He just wanted to bring back the guillotine. He’s a big picture thinker.
> Investigating abnormalities with wallet movements related to consolidation of ftx balances across exchanges - unclear facts as other movements not clear. Will share more info as soon as we have it.

From FTX's general counsel[1], retweeted by FTX_Official. So that indicates it's not being sold off legitimately under some sort of liquidation proceedings. It could be insiders or it could be hackers.

[1] https://twitter.com/_Ryne_Miller/status/1591281729125613570

Rumors on Twitter[2] are there was also an update just pushed to the FTX app. Concerns are the update may contain malware. It makes sense to uninstall the FTX app if you have it.

[2] https://twitter.com/zachxbt/status/1591295039946493952

> Reports on crypto Twitter are that this is a hack

Is that based on some evidence, or is it speculation?

I reworded things to separate the first hand information (FTX_Official indicating they don't know what's going on) from speculation (app hacker rumors).
I saw an update on coindesk that they confirmed it was a hack on their official telegram channel?

What a dumpster fire. But let's be honest, I think retail investors weren't getting anything back anyways. Probably only impacts creditors

Lol, a 'hack.' An unfortunately extremely convenient one that I'll almost guarantee specifically took customer funds, you know, after the bros already took their first cut.
It happens on Wall St as well but more "subtle". Retail investors and tax payers have always been the bag holders.
Do banks get hacked very often? They seem to have their security in order. Probably because they would have to reimburse their customers if something went wrong.
I imagine they do their best to run a tight ship yes, but I also imagine the fact that banks still run a lot of legacy pipelines and audits means it's also a little harder to find bugs in the apps and websites, that would actually let you achieve much.
When the banks get bankrupt (i.e due overleverage, stealing/using customer's money etc) their customers get nothing back. A such example is MF Global. I'm not going into the whole story why banks and centralised/opaque finance is bad.

Now the whole point of crypto was the tech behind it which was supposed to replace banks, exchanges and missuse of your OWN money. It's supposed to be an alternative to the trash financial tools we already use. The fact that people are using entities such FTX, Binance makes them deserve to be punished for their betrayal. Regardless if they use FTX or JP Morgan they pretty much deserve to experiment the shortfalls of centralised finance. I think it's part of the hello world example of what DeFi is trying to solve.

One more thing: If FTX was hacked I bet it has almost nothing to do with the crypto technology.

https://en.m.wikipedia.org/wiki/MF_Global

MF Global wasn’t a bank.

“Nothing to do with the crypto technology” is an empty and meaningless statement.

IF, and that’s a very big if, they got hacked, the fact that $600m could be moved and disappeared so quickly is 100% to do with the “crypto technology”. In the real financial system it is exponentially harder to make money disappear, transfers are logged on three sides of the transaction, you have to hack multiple autonomous and different tech stacks, and you have to wait as the transfers get transmitted, validated and passed in.

“In January 2013, a judge approved a settlement that would return 93 percent of customers' investments”

A great deal larger than nothing.

(comment deleted)
You wrote: <<their customers get nothing back>>

Another comment already noted that MF Global was not a (commercial/retail) bank. One part of it was a broker-dealer.

Also, in the United States customers of MF Global brokerage were covered by the Securities Investor Protection Corporation (SIPC) which (to quote Wiki): <<can pay the customer (via its trustee) up to $500,000 for missing equity, including up to $250,000 for missing cash>>. Please read more here: https://en.wikipedia.org/wiki/Securities_Investor_Protection...

Even with all of the bad behaviour during MF Global's last days (to quote Wiki again): <<In January 2013, a judge approved a settlement that would return 93 percent of customers' investments, with the prospect of additional payouts from the company's general estate.>>

Impressive, considering the extent of fraud at MF Global! Can any collapsed crypto exchange claim the same recovery rate? I doubt it.

I have direct knowledge of several bank hacks. Most of the time they don’t publish it.
Isn't the difference that banks have insurance for those hacks?
Yes banks have fidelity bonds called bankers blanket bonds (BBB) which cover losses from fraud, theft, etc. The FDIC doesn’t ensure against robbery, identity theft(banking fraud), etc. so this is an important protection for banks to provide.
Ah! I had no idea FDIC didn't cover robbery. Thanks for clarifying!
They will cover the depositor's funds up to the 250k limit in the event of an event where the bank cannot return your funds, but banks assets or property is not covered under FDIC and need to be separately insured.
Wall Street doesn't rug pull people. It sells them bad bets and takes the opposite side of those bets. There is a massive difference.
It’s not a massive difference just a rug pull at a higher conceptual level (informational) because the obvious financial rug pull was done a hundred years ago and has since been regulated.
They always give you the information, too. People just don't always like to read it. Some people don't care, and others just jump on whatever bandwagon they can find.

Almost everyone who has lost their shirt in financial derivatives in the past 50 years could have learned about the risks they were taking from some text in a prospectus somewhere, but chose not to.

That's exactly the same for crypto too though, all the warning signs are constantly there.
It's not that Wall Street gives you warning signs. They literally tell you "this is a probably a bad bet, and you should not take it" in the descriptions of most products. Very few people actually read those descriptions, despite the fact that they really should if they are buying weird financial products. The banks tell you to read them. And yes, a mortgage is a weird financial product.

For example, people who lost a lot of money holding XIV (a leveraged inverse-VIX ETN) had the warning about not holding the thing overnight in bold red text in the prospectus. People holding leveraged CDOs and every kind of CDS had all kinds of warnings in big bold text in their prospectus. The good old "liar's loans" of the early 2000's had big bold text saying "it will be bad for you if you lie about your income."

Pretty much the only financial products that don't come with big bold text saying "you are an idiot for buying this" are single stocks and the most boring of ETFs/mutual funds (eg SPY).

Contrast that with the warning signs from crypto projects, which are a lot more oblique than big bold text in a document that they tell you to read. Wall Street screws you, but they generally do it slowly and they tell you how. Crypto projects just straight up steal your money one day out of the blue and run to Dubai.

CDO2s backed by worthless subprime loans were put into AAA rated bonds. I'd call that an outright scam. For that matter all versions were far more risk than they claimed they were, given that they were worthless, even if there was some fine print somewhere.
I don't have an ISDA with a bank or a copy of a CDO-squared prospectus, but it's hard to imagine that there wasn't a big warning about them being a leveraged product that you should not invest in long-term.

The rating agencies did not understand the products they were rating. However, the warnings were almost certainly on the label.

That's why the rating agencies were sued over this, and not the banks.

A rating inherently claims understanding though. Is a bridge safe to walk on? Some guy who doesn't understand engineering is putting signs on it rating its safety. Ignorance is not a defense at this point.

They did sue the banks. For many things including inflated appraisals of the loans.

I'm sure they have some kind of warning for everything that isn't FDIC insured. But misrepresenting high risk as low risk instead of zero risk is just a quantitative difference. There are plenty of scams that do this. for example just lying about a company's earnings. I suppose the precise crimes they charge them for may differ a bit.

Retail investors are creditors right? Though I guess you mean only the larger creditors. I think the bigger difference is that bankruptcy proceedings take a long time and to a retail investor ‘you might get some money back in N years’ isn’t so different from ‘you get nothing’.
> bankruptcy proceedings take a long time and to a retail investor ‘you might get some money back in N years’ isn’t so different from ‘you get nothing’.

Does anyone actually remember MtGox? It wasn't actually that long ago!

Karpelès never went to jail. He was convicted of poor recording keeping, not of embezzlement, and given a suspended sentence.

If - hypothetically - someone else wanted to take a similar path, the odds of jail time are actually pretty low.

I just had that realization that I'm sure so many have already had.. In a bankruptcy, we really are creditors.. but we're not Creditors, and won't get our money back until big C's have had all they want.
There’s such a thing as seniority of claims and it may often be the case that the mass of ordinary people don’t have the most senior claims but it isn’t about the size – investors (who, in some sense, have the most junior claims) will likely get hosed even though they’re big.

I think there are two ways to think about this:

1. If you’re a company and you have N classes of debt then probably ‘ordinary people’ will all be in the same class (this can vary, eg if you’re a big retail store then wages owed will likely be a different more senior class of debt than anything you owe customers). So the more senior claims are more likely to be big companies as are the more junior claims, and it is unlikely that the ‘ordinary people’ class of debt will be the most senior. For FTX I expect the hedge funds and retail customers to have the same seniority.

2. Hedge funds, etc, will be able to retain lawyers and seek representation in the bankruptcy process in a way that is unaffordable to ordinary people. So they might end up with favourable timelines/restructurings or better accounting of what they’re owed but those arrangements can’t be that the big members of the class get a higher proportion of their money back than the smaller members.

In my country the first creditor that gets their money in case of a bankruptcy is the tax man.

And a lot of bankrupt companies owe the government a lot of money in due taxes...

Some call this a "hack", others who are brighter noticed that the recent FTX limited account unfreeze before they declared bankruptcy was to mask their own personal outflows as they siphoned money from a sinking ship
(comment deleted)
Greed drives all of us to do things we normally wouldn’t. Given the nature of crypto, unless there’s a good reason to have the FTX app (say as opposed to using their website), then uninstalling it seems like very sound advice.
> Reports on crypto Twitter are that this is a hack

It's really unfortunate to get "hacked" with such bad timing. You steal customer money and file for bankruptcy but now the bad hackers, probably from the Bahamas as well, take whatever is left and cash out. Oh no! /s

But it's alright, SBF said he's sorry.

In unrelated news SBF just found he had a bunch of crypto in his personal wallet. Totally not at all the pile of crypto that was last seen in the FTX wallet.
(comment deleted)
(comment deleted)
A minor problem with the blockchain is that the blockchain is actually an authenticated record of all transactions, so it’s pretty hard to hide where the crypto went unless you never actually exchange it or use it to buy something.
Swap to Monero then slowly trickle swap back to your coin of choice as you need the funds. 'Problem Solved'

There is a reason US regulated exchanged with KYC don't deal in XMR.

Huh? Kraken deals in XMR in the US. You can literally upload a US passport and they will sell/buy you XMR. They've been doing it for years.
SBF takes "full responsibility".
Don't worry tweet that "he's sorry" and it will be all right.
i volonteer to take some "responsibility" as well
Taking full responsibility would be liquidating his assets to make all customers as whole as possible, even if it leaves him destitute. Lack of responsibility/consequences for the capitalist class is the root cause for many of the social problems we have today.

It's not OK that we hugely reward taking risks to capital and then largely isolate the "risk"-taker from the consequences of failure when they materialize.

Perhaps he will take some time to clear his head. Is there a monastery in South America where he can repent? Preferably one with no extradition treaty?
honestly, the vulnerability was probably already there and there was a symbiosis with the person. Rules for rulers, there are various keyholders in your empire. This company wasn't following any best practices, so no reason to think they have crypto security best practices internally.

this person absolutely knows that they can kick leadership when they're down and that all blame will go to the leadership

it doesn't require being an "apologist" for leadership to see this vulnerability. Council and compliance all resigned, the ceo resigned. Any semblance of checks are gone and any rogue developer can use their keys on anything, rumor now is that an app update went out turning them into malware.

its equally as plausible as just a cringeworthy vendetta of spiraling founders, dumber things have happened in crypto. smart things have too, I’m leaving towards a smart thing

It’s unfortunate that what started out with altruistic motives, a method for decentralized anonymous asset exchange, is being derailed by opportunists. There was a time where a 51% attack was the biggest concern.

All that said, I’m not surprised at where we are today.

Most of the rules of civilization are centered around preventing the 20% predators from devouring the 80% normal people.
Most? That's an understatement.

The rules that aren't are so few they may as well be rounding errors lost in noise.

most are about 10% of predators trying to devour the other 10% of predators while preventing being devoured by the 80% of normal people
And here I sit, thinking those rules were so that the 1% could take all the value the 99% produced.
Nuclear weapons made this a bigger issue since it closes the option of last resort, which is war. See North Korea…
Not sure what you mean. After what was done to Libya after they gave up nukes, North Korea learned it can't disarm without subsequently being invaded and destroyed.
(comment deleted)
Heh. The 1% are mostly the very successful predators and their heirs.

They buy/make a lot of rules, but there's still (currently) a ton more to constrain predation.

(The more money you have, of course, the easier it is to game a more complex system...)

> It’s unfortunate that what started out with altruistic motives

Are you actually buying into SBF’s pathetic ideologies? Or are you more referring to Satoshi’s white paper when you refer to “altruistic motives”.

I can’t understand how anyone would take SBF seriously. He’s a smug charlatan who converted funny money to real money so that he could dump it into politics for his own aims, all while calling his actions “altruism”. Biggest false virtue signaler of all time.

Parent mentions decentralized anonymous asset exchange being the goal and 51% attacks being the biggest concern. That tells me he's talking about Satoshi. Those topics don't apply to SBF.
> Or are you more referring to Satoshi’s white paper when you refer to “altruistic motives”.

There's little altruistic about an emission that allocates half of all supply (first four years) going to early miners including Satoshi himself, and leaves only crumbs for later generations.

Satoshi picked that model probably because it's easy to divide by 2 (x >> 2). He didn't want to prematurely optimize or overthink anything because it was a simple experiment and nobody could have predicted that Bitcoin will become the mammoth it is now.
Shifting by two is dividing by four. Not so easy, after all!
(comment deleted)
This was my biggest “a-ha” realization around crypto, that the distribution model is utterly and irreparably broken for the most popular currencies. Whenever I bring this up with BTC/crypto maximalists their counterpoint is that fiat is also unevenly distributed and that it’s not a novel problem. The disconnect is truly puzzling.
It's not a novel problem, but nearly all cryptocurrencies exacerbate it by concentrating the majority of emission on the first few years. Non-pow coins even start with the creators holding 100% of supply.

When they could instead minimize the problem (or limit it to the pre-existing fiat inequality) with a pure linear emission, i.e. fixed block subsidy.

The resulting high supply inflation rate (1/n after n years) would have the side benefit of deterring speculation, and keeping prices (and hence environmental impact) low.

It's not so puzzling when you realize most people are perfectly fine about something if they get paid by it, or think they might one day get paid by it.

Less fine if they won't and someone else will.

Agreed. IN particular, William MacAskill[1] is worth particular interest. Closer to abstract low tier cult than serious philosophy. The fact he changed his name (his real name is William Crouch) to sound more like a marketable philosopher should be indicative enough to anyone with an ounce of sense that one should be guarded engaging with this supposed philosophy.

That so many people at FTX called themselves "EAers" or "subscribe to the philosophy of EA" screams charlatanism to me. That it became entwined with the Crypto community is no surprise to me.

It reminds me of the many many "churches" in Africa that tell people great fortune will come their way if they are loyal to this particular preacher or whatnot. [2] It is obvious to me those are a scam. Perhaps more akin to Scientology - creation of a VIP club - the less sense it makes the better?

I've tried to read about Effective Altruism and my conclusions are that it is immature gibberish and these proponents are not fully formed emotionally intelligent adults. [3]

> SBF ended up hanging out a lot with his younger brother Gabe, who was living in an EA commune on nearby Stuart Street.

Communes - but it isn't a cult right?

[1] https://en.wikipedia.org/wiki/William_MacAskill

[2] https://www.nytimes.com/2002/03/13/world/africans-fill-churc...

[3] https://web.archive.org/web/20221027180943/https://www.sequo...

I hear a lot of critiques around effective altruism that boil down to attacks on people who practice it as being immature, naive, or cult like.

At its core, EA asks what the most effective way to contribute to humanity is. Some of the thinkers are mature and have produced amazing projects, givewell being an obvious example.

There are definitely some weirdos affiliated with the movement, but I don't think that that discredits its approach or philosophy.

It's performative in exactly the same way I grew up among with evangelical extremists. You can't reduce moral decisions and ethics to some sort of karmic account balance. Functionally EA allows its promotors to rebrand self interest as actually altruism. It becomes an all purpose end to justify any means. A thought ending cliche to avoid engaging with the actual complexity.
And yet no one ever seems to be able to actually define a better moral decision making process or describe what the argument defeating "complexity" actually is. Just a longer way of saying "I disagree."
What is the evidence that we actually truly know what is most effective in a lot of situations? If "effectiveness" is just a hypothesis then the whole thing becomes quite shaky in terms of resource allocation.
I think the OP is being unfair to Will and EA, but your statement is pretty outrageous. No one's ever come up with a moral or political philosophy other than utilitarianism - are you serious?
Didn’t he change his name when he was first married (to some more distant family name) instead of only one spouse changing name?
> what started out with altruistic motives, [...] is being derailed by opportunists.

See: all human history.

The essential trust anchor will always be transparency that directly affects a person in society. Anonymous money and anonymous power will be exploited.

In times like this I often find comfort in the expression "The Purpose of a System is What It Does"

https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_wha...

Doesn't this make all forms of bureaucracy (and hence, civilization) parasitic ? (Or are you just supposed to regularly "drain the swamp" ?)
No. Seems like a non sequitur to me.
=

"The bureaucracy is expanding to meet the needs of the expanding bureaucracy." from (supposedly) Oscar Wilde

+

Survival of the fittest to survive, from Charles Darwin

?

(This is a serious question, I have been pondering it for years now...)

FTX CTO Gary Wang as well has a lot of recent GitHub commit activity in last 2 days and now suddenly the site is hacked https://github.com/garywang
(comment deleted)
(comment deleted)
How do you know it's him and not somebody else with the same name? I don't see any crypto projects.
> I don't see any crypto projects.

How do you know that? It says explicitly: "52 contributions in private repositories" between November 1 and November 11.

Obviously nobody knows what the private repos are. I was talking about public projects. "Gary Wang" is not an uncommon name. For example, here is another one with a Wikipedia page https://en.wikipedia.org/wiki/Gary_Wang
That's a good point. For whatever reason, I missed the first part of your comment. I did indeed operate under the assumption, incorrectly, that it was his profile.

What's interesting is that a lot of the FTX people on the about page (https://about.ftx.com/), including Gary Wang and Dan Friedberg have deleted their LinkedIn accounts, whereas they were available earlier. If they're deleting something so harmless, then who knows what else they are deleting and covering up.

I don't think this means anything. They might just not want any publicity, or to be harassed by malcontented FTX depositors. In the context of the FTX implosion, their LinkedIn profiles are far from harmless.
I'm as sceptical as the next person but I don't think "coder writes code" is anything.
The CTO writing and committing code for a (formerly) $16 billion dollar company does seem slightly off imo.
I think it’s quite normal (at least at some companies) for a CTO to spend some time writing code as part of setting technical direction. In that case there might be other executives who do the other parts of the CTO role you imagine (eg having lots of reports).
(comment deleted)
Yeah and I’m sure the Apple App Store review process won’t catch the steal_private_keys_and_upload_to_china() method they inserted. Not that iPhone apps can’t do this in the first place. A lot of FUD right now to create even more chaos.
I can't speak for others, but personally my great dislike for it is the very high rate of scam-like behaviour.

Every where you look, it turns out that someone is doing a 'rug pull', using customer funds in ways that don't line up with what they said publicly, or using misleading and deceptive behaviours to con others into giving them money.

You're already doing them a great favor by conceding a possibility the scam rate is not exactly 100.0%.
People dislike crypto because for many it has become incredibly obvious that it’s nothing more than a vehicle to scam and commit fraud.

Yes, these things happen elsewhere but crypto is perfectly designed to facilitate these bad behaviours.

Bitcoin is neutral and almost uninfluentiable by any single party. It‘s neutral, all the rules are out there, nobody has an information advantage. With Ethereum it‘s a bit more difficult because it has a history of being very transparent but there is still Vitalik as the BDFL. Almost everything else in „crypto“ is a mostly centralized system with the same points of failure as traditional financial systems (IoUs => bank rund). It is dishonest to conflate Bitcoin with all these possible scams. I hope Ethereum can establish itself as a neutral, natural law kind of system as well (removing Vitalik from the equation). Because on top of Ethereum more people can built trust less systems that can have bugs but that can‘t really be scams because all the mechanics are public and nobody can have an information advantage.
The reality is that the technology being “neutral” or not is irrelevant. It’s how the technology is used that matters.
It’s also funny that in certain instances crypto is perfectly designed to easily catch these behaviours (since the ledgers are public)
Because we're tired of a dumpster fire of scams and fraud being sold as the revolutionary future of all finance and money.

We do not want that future. We don't even want the bitcoin present. We think it's bad and will cheer as it implodes.

There was a time I thought something like bitcoin had a useful role to play in the world, never as a consumer/retail thing, but more a zero trust alternative to existing clearing houses used by businesses. The mania around getting rich quick on crypto coins has utterly destroyed that possibility.

You can call it hate if you like. I don't particularly care. I do think spreading this criticism to counter the hype and straight up fraud pitches is justified, including being rather emphatic about it.

I am saddened about the baggage that blockchain technologies hold in less technical circles now. They’re not just for cryptocurrencies.

My grandfather hears “blockchain” and he assumes he is looking at a crypto scam.

> My grandfather hears “blockchain” and he assumes he is looking at a crypto scam.

As a first approximation he sounds like a wise man.

> They’re not just for cryptocurrencies.

Please tell me about the other use cases.

Merkle trees and consensus algorithms predate "blockchain." So far blockchain has very little to offer other than solutions to Sybil attacks that so far are net negative in externalities.
You are absolutely right! It’s accurate to say blockchains are a synthesis of other technologies, and solve for particular, narrow use cases.

That is useful, but not as generally useful as cryptocurrency advocates want you to believe.

yes, but the same we can tell about equity invention...

people were misusing it, does it mean that it is bad?

LLC are a main factorfor growth in last 100 years because of incentives aligment. same with crypto.

any tool can be exploited by bad actors

does it mean it should not exsist or be hated?

1. Because everyone touts "avoiding government regulations" - what most of us call "crime" - as one of crypto's primary reasons.

2. Because there are so many scams in the field.

3. Because crypto people have this unattractive combination of acting superior to others while literally never having read about or even thought deeply about economics.

4. Because after 13 years, not one Web3 project has emerged that has any value outside cryptocurrencies.

5. Because blockchains are wildly consumptive of the world's resources, right when we see the devastation of our biosphere roaring down on us.

any progress requires mistakes, crypto over internet only speed ups this process

people wont fall twice into same scam

people can learn faster thanks to it

in other indystries there are also bad actors

only different, crypto is faster which is good thing in good use cases

I need a name for the cognitive distortion where someone says "X is bad" for valid reasons and then jumps immediately on a much worse solution. Applies not just to crypto but to bringing up the Iraq war; or complaints about "MSM" leading people to choose entirely fact-free nonsense channels or literal Russian state propaganda TV instead.
It's wild. The place is brazenly being robbed in public eyes. Is it under the Bahamas laws? What can anyone do?
Bahamas has an extradition treaty with the US. If SBF doesn’t flee he will definitely get indicted in US court
I don’t think SBF would be dumb enough to steal $400m right now when the whole world is watching his every move.
Well he was dumb enough to post a bunch of lies and nonsense to Twitter the last couple days…
Maybe I'm more cynical than most but those tweets to me feel like they will be used as evidence in the future to argue that he didn't really have the full picture what was going at FTX and that it was really the Alameda people or the devs etc behind everything.
> Alameda people or the devs etc behind everything.

SBF used to have intercourse with the Alameda CEO, and if I'm not mistaken they were all in this together (FTX + Alameda, that is). Article on the intercourse thing [1]. The admins of this forum can complain about "the level of discussion getting low" as much as they want, but this is the reality, this is how billions of dollars have been stolen.

[1] https://www.coindesk.com/business/2022/11/10/bankman-frieds-...

He's going to prison anyway, his reputation is tarnished, maybe he figured: Why not make a run for it?
This could be pretty interesting leverage.

"I hold the private key to refund 80% of my victims losses, reduce my sentence or it dies with me."

(comment deleted)
> reduce my sentence or it dies with me

He would go to jail. This isn’t even a tough one.

Why not? Lying got him this far!
Knowing little about how ftx works... Is the article talking about customer accounts at FTX being drained? Or accounts belonging to FTX being drained?
FTX is a centralized entity, just like PayPal is. There is no such difference. As a centralized company, they are supposed to hold all customer funds in their own bank/wallet/whatever account(s).
iait may be centralized but there's no comparison to PayPal. PayPal does not commingle funds
Paypal keeps separate bank accounts for each customer?
The claim is that PayPal keeps user funds separately from the funds that PayPal e.g. uses to pay for operating expenses.
(comment deleted)
(comment deleted)
This is an unreal speedrun nightmare timeline. At this rate I am half expecting to wake up to news tomorrow that SBF is dead.
How awful. Please don't do this here.
(comment deleted)
New speedrun world-best?

I realize this doesn’t add much by way of substance but this has been an incredible watch.

I hope someone is keeping an eye on SBF.

If this is real, most likely an inside job. I mean FTX staff probably had a lot of their own crypto on the exchange, so now that it appears Bankman stole it from them, why not steal it back.
(comment deleted)
This sounds like a great insider action to cover the fraud and mismanagement: leak the keys to the kingdom in a dark web forum, so that in the resulting commotion you can blame the hackers who had access all along and obviously made your platform fail. Something, anything that your lawyers can grasp at.
I doubt that Bankman would have sanctioned that though, since he’s already admitted to malfeasance. An insider could leak the keys and arrange for a cut of the proceeds, was my line of thinking.
Bankman would have not sanctioned it because he's got much more to lose the greater the hole is. Someone around Bankman though, that has no substantial stake in FTX and suddenly realizes he was an accessory to financial fraud, has strong incentives to burn the house down.

From a secure and audited system where only a handful of people had access and the actions of each are recorded (if we dismiss Bankman's "backdoor" for a moment), all of a sudden we have a system that was wide open to the world and raided exactly after the financial collapse. As it's easy to see, your Honor, the hackers were in the system all along, forging the so called audit trail allegedly incriminating my client; when the game was up, they pounced.

I am skeptical because if insiders have access to the keys, they would not do it in such a obvious manner. They would instead drain crypto accounts that are pooled or reserved, not associated with the app directly. They would have drained these pooled assets discretely instead of a malicious app update , which draws too much attention. Of course, it's possible that said insiders had access to the app update but not the keys.
(comment deleted)
Fraud. This is why banking regulation is important, almost all banking laws on the books exists because someone got screwed.
(comment deleted)
Because someone screwed over too many other people
More like because the wrong people got screwed over.
(comment deleted)
There's no way this is a coincidence. This is undoubtedly people who work(ed) at the company and were trusted with private keys trying to get away with some money while they can.
Agreed. It's by far the simplest answer. They already have the keys and have the code.
I don't think it was insider job. If insiders wanted to steal people's assets why do it in such a public manner? If they have the keys they can just move funds discretely from the larger pooled assets without draining individual accounts. A malicious app update draws way too much undue attention.
If I were an insider, I'd want to steal the funds out in the open and add decoys such as the app update to make it look like a hack.
What's weird is, why wasn't the system turned off? They've totally collapsed, filing bankruptcy, and supposedly aren't allowing withdrawals, so what was the point of leaving the system up and vulnerable?
They don't have the power to pause non-FTT blockchain systems. What you're suggesting isn't really possible. Someone has to hold the keys -- and I doubt they used sufficient multi-sig -- and anyone who has the keys can always move the funds.
But aren't they themselves (FTX) custodians of these funds? In that case, why not turn their services off to protect the keys from being hacked? What you say makes sense once a hack takes place, but how did the hackers get the keys? Or do they use external custodians?
> how did the hackers get the keys?

It's most likely an inside job, either by disgruntled employees or SBF himself:

"In a subsequent examination, FTX legal and finance teams also learned that Bankman-Fried implemented what the two people described as a "backdoor" in FTX's book-keeping system, which was built using bespoke software.

They said the "backdoor" allowed Bankman-Fried to execute commands that could alter the company's financial records without alerting other people, including external auditors. This set-up meant that the movement of the $10 billion in funds to Alameda did not trigger internal compliance or accounting red flags at FTX, they said." [1]

[1] https://archive.ph/YImJS

That is truly astonishing. How did he think he could get away with it?

I kept wondering how someone who seemed smart, wanted to help others, and admitted that crypto is a Ponzi scheme could end up in crypto. It broke my brain.

Now I see he was a brazen criminal all along and the world makes sense again.

1. Who is transferring the funds?

a. Bankman-Fried and associates

b. insiders (disgruntled)

c. outsiders (hackers)

2. Is it plausible that the transferred funds be laundered?

3. Can this altruism get any more effective?

This story is utterly fascinating. It keeps getting better and better. I remember thinking Mt. Gox was wild. This fraud is second only to Ponzi.

The simplest explanation I have (occam’s razor) is a tie between 1.a and 1.b

I’ve also heard rumors that inside bad actors pushed out a forced FTX app update to gain access to accounts. So the advisory is to uninstall FTX and not go anywhere near that website. Any money one has is unfortunately gone, wait for the bankruptcy proceedings to recoup it, if at all.

> I’ve also heard rumors that inside bad actors pushed out a forced FTX app update to gain access to accounts.

If it's an inside job with this capability you'd likely already have such access?

Only way is that somebody has access to push this, doesn't have access to the keys, and rewrites the app to send them assets or something. But the mass withdrawals imply the keys are compromised, and pushing the app would very unquestionably imply you?

It's quite strange that a bad update was pushed at all since it implies that the bad actor doesn't have key access, but everything else they do does.

Do you think it’s at all likely they were able to exfiltrate the keys or escalate privileges by pushing the malicious update? It’s not an iOS or android update from my understanding, just an update to the backend/content server.
The content server probably wouldn't be useful for getting the keys, unless they have some insane wallet manager.

My best guess is simple key exfiltration?

What I don't get (well I do, lobbying and inside deals), is why these guys have run so long (especially Tether). Just because crypto is a 'decentralised' wild west opposed to government shouldn't mean they sit outside of the laws around fraud, laundering and deception, especially if they're registered companies.

The lack of legal focus, given the obvious illegitimacy of it all is disgraceful and I can't even imagine the size of the wealth transfer happening through all this.

Popular appeal?

All sorts of scams, from dietary supplements to homeopathy pyramid schemes are permitted to carry on because fighting them is too unpopular.

Edit: take a look at Twitter. Crypto folks are busy worried that the Us gov will overreact and regulate crypto over this.

Scientology, herbalife, and other obvious scams have persisted. I think crypto people love getting defrauded, and as long as they enjoy it there won't be much pressure to prosecute.
I Dunn if it is fair to include Scientology in that.

Other than the amounts of money involved, it clearly is a religion.

And in general religions are in business of extracting money from people and using it for their own means. Scientology is not any different from any other. Including the mainstream Christian cults...
Wait is the government a religion?
You may want to check the validity of the syllogism.
The US government is made up of 4 religions: Democrat, Republican, MAGA and Bernie Sanders.
And their means both as determined by their doctrine and expressed by their history vary greatly. In the US religions have been legally defined (a subject of much debate historically) as they are given tax and regulatory exemptions and often public funding. Here’s a good read on the topic from 1969:

https://scholarship.law.nd.edu/cgi/viewcontent.cgi?article=3...

I’m curious, are there specific ones your referring to, or do you consider all mainstream denominations of Christianity cults?

I don't understand the modding down. Does someone want to explain why Scientology is different than, say, the major Christian religions? Or Islam?
Here’s my understanding:

In Christianity, god extorts adherence through the revelation that there’s eternal life after death and the threat of eternal damnation as punishment for insubordination. The requirements to enter Heaven are acknowledgment and acceptance of Jesus’ crucifixion as atonement for your transgressions (and possibly repentance).

In Islam, god extorts adherence through the revelation that there’s eternal life after death and the threat of eternal damnation as punishment for insubordination. The requirements to enter Paradise are not explicitly defined (aside possibly through dying in a Jihad) so strict adherence is arguable more crucial than in Christianity.

In Scientology, god extorts adherence by eliciting confessions of past transgressions on videotaped counseling sessions and threatening public exposure for insubordination, among other tactics.

At least Islam and Christianity funded art, architecture and to some extent science and literacy.

Disclosure: I'm agnostic asymptotically approaching atheist

> Just because crypto is a 'decentralised' wild west opposed to government shouldn't mean they sit outside of the laws around fraud, laundering and deception, especially if they're registered companies.

Entirely speculation, but something fun I've heard repeated occasionally:

If this was "just tech", it could find itself regulated easily. (Though this isn't necessarily the case.)

If it's a geopolitical weapon or spy tool of any consequence, then there may be other stakeholders pushing back against weakening it.

Plausible, borderline conspiratorial, but fun to think about.

'Testbed for CBDCs' and 'black budget money laundering' seem like compelling explanations for the stunning regulatory forbearance (so far) to me. I've also seen speculation that FTX/SBF were intentionally allowed to create Ponzi bubbles of epic proportions in order to discredit decentralized digital currency and make it radioactive in most of the public's mind.
Alternatively, governments knew FTX was a fraud and let it happen to weaken peoples’ faith in crypto.
Or just the usual story of near senile legislators being decades behind actual developments and just not getting it, and therefore not moving quickly enough.
FTX was able to fleece Wall Street investors specifically because of their deep Wall Street connections. This is a corrupt Wall Street story. The only reason they were exposed is because they left evidence on-chain, and people started asking questions. There are very few people who have been in the cryptocurrency space for more than 5 years that had any sort of trust in FTX.

https://twitter.com/concodanomics/status/1591232063906217984

The FTX App has allegedly been hacked as well. This reeks of an inside job/coordinated attack.

Edit: It is rumored that SBF is en-route to Argentina

Second Edit: This is a Twitter rumor, with no verification, could be fake news. I was going to paste the Tweet, but the Tweet has been removed because it was seen as unlikely.

Argentina has an extradition treaty with the US though?
Yeah, I will post the link to the plane that is rumored to be his.
... and extremely porous borders. Doubt anybody would be dumb enough to actually fly directly to their target country.

Also worth noting, due to a quirk in the way Argentina citizenship laws are written once he is in the country he can file immediately for citizenship and he won't be deportable (although he will be extraditable). I'm not an attorney but that may help him in case his passport is revoked.

App not updated in app store. Could popup box be edited in app to be malicious of would such a feature need to already be coded in like Epic’s non app store payments thing?
(comment deleted)
Tether is just as if not more shady than anything coming out of this whole FTX saga. It wouldn't surprise me if people behind the scenes are working on it right now to try and bring it down and be first to claim that scalp.
It gets worse: somebody has pushed what appears to be a malicious update to the FTX app, and the official FTX telegram channel is warning people not to even browse to the website!

https://twitter.com/zachxbt/status/1591293813519253504

I’ve been trying to figure out the technicalities there. Neither the ios nor android apps have updates since the crash.

The update box is clearly based on their pre existing popup used for things like 2FA.

Could this popup have been modified with new text and linked to a new malicious site without an app update on ios or android?

Or, could the popup only function if it was already coded into the app waiting to be activated? Meaning premeditated

It’s pretty common for apps to load some external content from a server to show to the user. This is useful in part because it allows you to update the content without going through the slow app review process. Potentially, if your backend got hacked, the hackers could change this content.
Sure, but your onboarding flow popup buttons? I don’t think app review allows those to be loaded from a website
You can definitely serve content like that from your server and have the app render it (no website required). The review process would not block that.

You could also serve a change like this with an OTA update, again no app store review required, which ios and android allow (as long as you don't fundamentally change the app, and even then they could only catch that retroactively.

Not sure if they'd care if you load it in a webview as long as the UX wasn't substantially different. I seem to recall getting bounced to web auth flows pretty often.

Lots of apps these days are merely shells for web content that is hosted elsewhere.
A couple quick searches for “ftx app react native” makes me believe at least part of their app, if not the entire thing, is react native (it’s possible to have a hybrid native/react native app). It’s totally possible and quite common to be able to load the JavaScript bundle from a remote server. Microsoft has a service to do exactly that called Codepush. Expo also has a service and it’s not very complex to roll your own. How a react native app works is all the native code is compiled into a “shell” of an app and then a JavaScript bundle is loaded (it can be shipped in the binary or loaded from a server) and that’s where all the layout and logic lives. Not only is it possible to make small changes, you could conceivably ship an entirely new app this way as long as you don’t need to add any new native dependencies. Of course the App Store/Play Store don’t allow “major” changes, but they have no real way of knowing. In Apple’s case, you need to provide them with a login for them to review the app (not sure about the play store, but possibly them too). It would be trivially to load one bundle for Apple and another for everyone else. If you had control of the backend you could even target specific accounts and load a compromised bundle with no one else the wiser. It’s fairly easy to strip out the JS bundle to examen, so I’d say targeted attacks would be the smart way to do it. It would give you a lot of time before people caught on vs compromising everyone. I’m sure there’s folks out there already tearing into the js bundle looking for shenanigans.
If half of this drama happened to JP Morgan, it would be bank runs and global depression.
Indeed. But JPM is at least regulated so it shouldn’t happen (post GFC…).
Isn’t this just people that live in the Bahamas draining their own accounts (which is still allowed)?

Plus, obviously, people who can find a random Bahamas native to KYC their account for them.

I imagine a large chunk of FTX users in the Bahamas are FTX employees, and others associated with the company.
At the very least they would know someone there who is a citizen and could withdraw their funds for them. A loophole was utilized where a Bahamanian FTX user would create an NFT on FTX's NFT marketplace, and the locked user would buy it with the price equal to all of their funds. Then the Bahamanian would withdraw to fiat and take their cut. People probably made dozens of millions in a day taking 50% cuts while laundering people's money out.
SBF and Caroline (and probably Trabucco) probably already on their way to non-extradition countries and taking what little cash remains with them. They'll end up in prison if they don't.
Who (which government agency etc.) would be expected to track their whereabouts in this scenario?
DoJ and SEC are both already investigating FTX.
Do the Pinkertons operate worldwide?

Or maybe Black Cube.

The Pinkertons are ruling class goons and it's not clear SBF and his clan aren't as well.
(comment deleted)
The problem with countries that don't extradite to the U.S. is that assassinations tend to be woefully easy.
And extraordinary rendition.

TBH if you look at the data the US doesn't extradite that liberally. Even the Liberian torturer son of Charles Taylor or whatever was safe in the Caribbean despite being extraditable; as long as you didn't commit murder or do something big on the public radar or make political enemies or steal too much money I get the impression the US government doesn't try too hard. But they will definitely try to extradite this fella.

(comment deleted)
This is absolutely wild and unprecedented. Imagine being a victim of Madoff's ponzi and - after already being traumatized by the unveiling of the fraud - discovering that the rest of the money had been stolen.

Madoff's ponzi was larger, but the recovery rate was 88%. It looks like customers who didn't withdraw in time will end up with 0%.

(comment deleted)
Can confirm. Lost 100% of my mtgox holdings in 2013. Theoretically my account balance is 7.73 BTC. I can still log in and see it. Maybe by the time I retire I’ll have recovered like 0.7 BTC. Which amusingly would be the sum of my original $11k investment.

A lot of this is just gambling. People need to go into it with the mindset that the money will be gone tomorrow, and then be pleasantly surprised if it doesn’t.

See this millionaire who is now worth $10k due to FTX: https://www.tiktok.com/t/ZTRxWq77B/

If you've been keeping up with your claim filings you should get around 1.1 to 1.25 BTC (estimate from https://blog.wizsec.jp/2021/02/mtgox-claim-calculator.html?m...)
Thank you for the claim calculator! I spent like an hour trying to understand the calculations manually, but the ~7 pages of dense legalese was hard to decipher.

(I’ll believe it when the coin is in my wallet though. Till then, I mentally moved on a long time ago. It felt like the end of the world at the time, since it was my father’s savings that he’d worked for a decade to save up for his kid one day. Wiping it out over night wasn’t a good feeling, to say the least. But, life goes on, and I was fortunate it was only $11k. An expensive lesson, but one I needed to learn.)

> I can still log in and see it.

Who operates the site?

The Japanese government is handling this pretty well. They assigned a … I’m not sure the term. Manager? Basically some Japanese firm is handling everything related to Gox.

The process has been slow (we’re almost at the one-decade mark) but it does seem to be progressing.

Whereas it’s hard to imagine FTX creditors having any hope whatsoever after this.

So, did Madoff's victims just end up with normal returns like they would have gotten any other way?
The ended up with 0.9x their original capital
It’s important to note they ended up with .9x after thinking their capital had 2x’d or 3x’d.
It's wild to me that he hasn't simply had a heart attack and died from the insanity of his actions and the consequences of it all.

Imagine throwing a life like that and he's barely turned 30. Hubris and foolishness can lead to one's own grave.

edit: I'm not wishing for his death. That's not what my comment was about. More on the psychological impact of deception at this magnitude and could any person cope with that.

He said the whole thing was a calculated risk. He only spent five years on crypto so he has plenty of time to try again. He probably wasn't counting on prison time though.
(comment deleted)
Well, that's one way to look at it. The other way to look at it is that he's still insanely rich even though he's lost the vast majority of his fortune, and he probably has it locked away in a place that the Feds can't get it... so as long as he gets to a non-extradition country, he will probably be better off than 99.99999% of the people currently residing on this planet. I'd rather not travel because authorities are out to get me than not travel because I'm too broke to do so.
(comment deleted)
Fancifully entertaining someone's death is definitely over the line in HN comments. Please don't post like that.

https://news.ycombinator.com/newsguidelines.html

Edit: I'm surprised at how many people are eager to go there:

https://news.ycombinator.com/item?id=33570385

https://news.ycombinator.com/item?id=33570266

https://news.ycombinator.com/item?id=33570205

That is not what HN is for, so please don't.

Apologies if my comment sounded like wishing for someone's death. I promise that was not my intent.

I'm aghast at the magnitude of his disastrous actions and wondering how could someone cope with the situation he put himself in, from a psychological point of view.

I 100% believe you. But just imagine if you were reading comments like those about yourself, and imagine there were a ton of them. We don't want HN to be a generator for that kind of thing. We all tend to underestimate the impact of our comments.
Cryptocurrencies are speedrunning the history of the financial system and why it is the way it is.
After 10 billion USD goes missing you can bet it won't stay unregulated for long.

But yeah it became apparent a while back that some very bad actors, speculators, had become involved in crypto, so I became inactive.

10B didn't go missing, it was stolen and they know stole it and where he put it.

One to two billion is missing and probably stolen.

Are you sure? The numbers I saw that were a draft of the balance sheet showed ~$1 billion in liquid assets, and ~$9 billion in very illiquid, mostly very low volume crypto assets, such that it would likely be hard to even get an additional $1 billion out of that "$9 billion".

Source: https://twitter.com/minigrogu/status/1591104167455510529

A real good takeaway here is how even a single gap in compliance controls can lead to unbounded failures, here I think largely access controls and tracking.

If an exec can just go and cook the books, or like sbf did, "secretly transfer 4bn to alameda", it doesn't matter if you have strict auditors. It doesn't matter if you have compliance and control rules around comingling. This will literally never be visible to anyone in your exchange since their data source is fundamentally wrong.

Nothing they did was proper or legal in the first place! It's already quite regulated in that regard. But they were able to do so in the first place since the required compliance frameworks weren't completely in place.

This is just criminal behavior. There's plenty of fraudsters in the financial system.
(comment deleted)
Cryptocurrencies are working just fine. FTX users didn't actually own any crypto. This is people giving away their money to a criminal business. The whole point of cryptocurrencies is that you don't need to trust a third party.

"Not your keys, not your coins"

Every time one of these cryptoscams matures I curse my rotten, stupid, brain.

If I was smart, I too would be ripping off all of the cryptobros.

Instead I dumb and do honest work.

A) few people can make money off of a ponsi scheme

B) The unregulated crooks are making it so crypto either will be outlawed or regulated (e.g. central exchanges regulated), so you won't be able to scam for very much longer

C) it's not just crypto bros, many people made the speculative investment who are relatively uninterested in it, you are mote likely to defraud your standard investor looking to trade stocks with e.g. Robinhood than any major players.

So don't feel bad or think you have missed out. If you want to defraud someone go sell NFTs, those are literally nonsense sold to idiots...

People will be going to jail for this. Do not take the short term view.
Let's keep out eyes on this. It is a super lurid scenario (to use a word introduced by @dang on this posting).

By "this" I don't mean the earlier bits of the FTX debacle, but specifically this draining event. The statement that "FTX apps are malware" is weird in that it implies they became malware a while back. I could see either hackers penetrating due to inadequate security, or insiders setting up for an opportune time. Until the crypto is tumbled, it will be possible to trace its movements. Perhaps it'll just get frozen somewhere to keep it inaccessible by FTX interests. Let's see how long it takes to determine and locate any suspects for this. I have no guess aa to that, but watching with interest.

Who says the Binance app won't turn into a threat at some point?

To be clear, even the FTX bankruptcy and the way it happened, not even taking this outflow/hack here into account, is jail worthy. The question is whether it falls under US jurisdiction and whether the defense lawyers can be paid enough to somehow avoid this, or postpone for a decade or so.
Oh yes. Some are asking whether this is Lehman or Enron (forgetting Worldcom) I expect this is a love child that we'll call "FTX".
Create products, real value and make money.

At least that’s how I think of it, speculation creates nothing new. Instead it depletes resources that could have otherwise been used on something more meaningful.

Be glad your mind doesn't tempt you with this crap. You'll pay for it one way or another, and in the end, money doesn't matter beyond a very low point.