Blockchain surveillance firm Elliptic now says there’s a “stronger possibility” that fallen crypto exchange FTX’s mysterious hacker was a Russian-linked entity.
For starters, the fact that funds moved while FTX founder Sam Bankman-Fried was in a Manhattan courtroom casts doubt on the hypothesis that he stole the money.
“At 3:41pm EST on October 4th 2023, $15 million of the stolen crypto was moved—at which time Bankman-Fried was reportedly in court, without internet access,” Elliptic wrote in a blog post.
On Thursday the company provided a timeline detailing the on-chain movements of the hacker’s stolen funds. Since the hack took place, much of the proceeds has been bridged to Bitcoin and run through ChipMixer, an unlicensed Bitcoin privacy mixer shuttered by the Justice Department earlier this year.
“Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges,” wrote Elliptic. “This points to the involvement of a broker or other intermediary with a nexus in Russia.”
On the same day that FTX filed for bankruptcy last November, the exchange lost 9,500 Ethereum (ETH) to a still unknown hacker, who transferred their assets from one of FTX’s wallets to a new address. The hacker later claimed a host of other crypto assets totaling $477 million, including Pax Gold (PAXG), Tether (USDT), Wrapped Bitcoin (WBTC), and others.
While some funds were frozen in compliance with regulators, most were successfully swapped for other cryptocurrencies and bridged to other blockchains in the following days.
“This helps to break the blockchain trail, making it more difficult to trace funds, as well as providing access to services on blockchains that facilitate further laundering,” said Elliptic.
On November 20th, the hacker bridged 65,000 ETH to Bitcoin using RenBridge, much of which was later sent to ChipMixer. RenBridge was ironically owned by Alameda Research, which shared a balance sheet with the hacked FTX exchange.
After a nine-month delay, another 72,500 ETH ($120 million) were transferred to Bitcoin using THORSwap, which has since suspended its interface to address money laundering concerns. With ChipMixer gone, much of those funds were instead mixed through Sinbad—a mixer Elliptic believes is a rebrand of Blender, which was sanctioned by the U.S. Treasury Department for aiding the North Korean Lazarus Group.
Despite the connection, Elliptic doesn’t believe Lazarus is behind the FTX hack, because the hacker’s money laundering methods are relatively “unsophisticated” compared to those of the North Korean group.