Hacker News new | ask | show | jobs
by vishnugupta 1319 days ago
The simplest explanation I have (occam’s razor) is a tie between 1.a and 1.b

I’ve also heard rumors that inside bad actors pushed out a forced FTX app update to gain access to accounts. So the advisory is to uninstall FTX and not go anywhere near that website. Any money one has is unfortunately gone, wait for the bankruptcy proceedings to recoup it, if at all.
1 comments
vgatherps 1319 days ago
> I’ve also heard rumors that inside bad actors pushed out a forced FTX app update to gain access to accounts.

If it's an inside job with this capability you'd likely already have such access?

Only way is that somebody has access to push this, doesn't have access to the keys, and rewrites the app to send them assets or something. But the mass withdrawals imply the keys are compromised, and pushing the app would very unquestionably imply you?

It's quite strange that a bad update was pushed at all since it implies that the bad actor doesn't have key access, but everything else they do does.

link
drewmol 1318 days ago
Do you think it’s at all likely they were able to exfiltrate the keys or escalate privileges by pushing the malicious update? It’s not an iOS or android update from my understanding, just an update to the backend/content server.
link
vgatherps 1318 days ago
The content server probably wouldn't be useful for getting the keys, unless they have some insane wallet manager.

My best guess is simple key exfiltration?

link