The simplest explanation I have (Occam's razor) is a tie between 1.a and 1.b.
I’ve also heard rumors that inside bad actors pushed out a forced FTX app update to gain access to accounts. So the advisory is to uninstall FTX and not go anywhere near that website. Any money one has is unfortunately gone, wait for the bankruptcy proceedings to recoup it, if at all.
> I’ve also heard rumors that inside bad actors pushed out a forced FTX app update to gain access to accounts.
If it's an inside job with this capability you'd likely already have such access?
Only way is that somebody has access to push this, doesn't have access to the keys, and rewrites the app to send them assets or something. But the mass withdrawals imply the keys are compromised, and pushing the app would very unquestionably imply you?
It's quite strange that a bad update was pushed at all since it implies that the bad actor doesn't have key access, but everything else they do does.
Do you think it's at all likely they were able to exfiltrate the keys or escalate privileges by pushing the malicious update? It's not an iOS or Android update from my understanding, just an update to the backend/content server.