Credential theft
FTX Bankruptcy AWS Multi-Account Secrets Compromise
Incident Details
On November 11-12, 2022, within hours of FTX’s bankruptcy filing, approximately $400 million was drained from FTX exchange wallets and FTX US wallets in a series of unauthorized transactions. FTX’s new management team confirmed the hack on November 12. The attackers had obtained access to AWS infrastructure containing private key material and AWS credentials for multiple FTX-related entities. US authorities later charged former FTX executive Ryan Salame and others, but the theft investigation pointed to a separate intrusion distinct from Sam Bankman-Fried’s alleged fraud. The incident occurred at a uniquely chaotic moment: FTX staff were losing access to their systems, and it was initially unclear whether the withdrawals were unauthorized transfers or an authorized attempt to protect assets. Approximately $220M was ultimately frozen or recovered.
Technical Details
- Initial Attack Vector
  - Attackers (believed to be either FTX insiders or nation-state actors) accessed AWS infrastructure secrets and private key material for multiple FTX-affiliated entities shortly after FTX filed for bankruptcy, draining approximately $400M from FTX and related exchange wallets
- Vendor / Product
  - Amazon Web Services (AWS)
Timeline
- 2022-11-11 Breach occurred
- 2022-11-12 Publicly disclosed
- 2022-11-12 Customers notified