A day after FTX filed for bankruptcy, hackers drained the firm’s hot wallets, walking away with nearly $650 million in altcoins.
Now, after various bridgings and on-chain chicanery, the attacker is left with holdings of more than $367 million across various major blockchains.
The attacker laundered the proceeds using decentralized exchanges (DEXs) and cross-chain bridges, blockchain intelligence firm Arkham Intelligence reported.
A total of almost $20 million in PAXG was frozen across the attacker's 4 addresses that hold PAXG.
The attacker also attempted to obfuscate fund transfers on BSC by 'swapping' tokens with the recipient address set to a separate address, 0x2cb.
According to Elliptic, cross-chain bridges are widely used by hackers to launder stolen funds. “Chain hopping,” the movement of stolen funds between different blockchains, helps hackers evade tracing by enforcement agencies.
Here’s how it went down.
On November 12, 2022, roughly $650 million in ill-gotten funds were routed from FTX’s hot wallet to two wallet addresses, one on Solana and the other on Ethereum.
Since then, the hacker’s wallet address bridged the funds to different blockchain networks, including Binance Smart Chain, Polygon, and Avalanche, according to data from respective block explorers.
Law enforcement agencies were, however, able to freeze nearly $20 million in Paxos Gold (PAXG) tokens linked to the attack on November 14.
Hacker’s wallet holdings across Ethereum, Binance Smart Chain, Polygon, and Avalanche. Source: Debank
According to data from Debank, the hacker’s wallet address holds nearly 229,000 Ethereum (ETH) and 8,184.9 Paxos Gold (PAXG) tokens on Ethereum.
On Binance Smart Chain, the wallet holds nearly 108.454 million BNB and 1.685 million DAI stablecoin. On Avalanche, the hacker’s wallet address holds about 3.970 million in Tether’s stablecoin USDT.