FTX hacker could be using SBF trial as a smokescreen: CertiK

The hacker responsible for stealing over $400 million from FTX and FTX US in November could be using the hype around Sam Bankman-Fried’s fraud trial to further obfuscate the funds, says CertiK’s director of security operations Hugh Brooks.

Only days before the start of Bankman-Fried’s criminal trial, the FTX hacker, known as “FTX Drainer,” began moving millions in Ether it had gained from the November attack.

The movements have continued throughout the trial. In the last three days, the hacker transferred approximately 15,000 ETH (worth roughly $24 million) to three new wallet addresses.

“With the onset of the FTX trial and the substantial public attention and media coverage it is receiving, the individual accountable for draining the funds might be feeling an increased urgency to conceal the assets,” said Brooks.

“It’s also plausible that the FTX drainer harbored an assumption that the trial would monopolize so much attention from the Web3 industry that there would be insufficient bandwidth to trace all stolen funds while also covering the trial concurrently.”

FTX, which had once been valued at $32 billion, declared bankruptcy on Nov. 11. That same day, employees at FTX began noticing massive withdrawals of funds from the exchange’s wallets.

An Oct. 9 report from Wired has provided fresh insight into how events transpired during the night of the attack.

After FTX employees realized that the attacker had complete access to a series of wallets, the team declared that “the fox [was] in the hen house” and scrambled to keep the remaining funds out of the hacker’s hands.

The team reportedly made the decision to transfer a staggering amount of the remaining funds — between $400 and $500 million — to a privately owned Ledger cold wallet, while waiting to hear back from BitGo, the company tasked with taking custody of the exchange’s assets post-bankruptcy.

The move likely prevented the attacker from gaining a full $1 billion in the raid.

Meanwhile, Brooks explained that the hacker appears to have changed its method for obscuring funds.

On Nov. 21, the FTX hacker was observed attempting to launder funds by using a “peel chain” method, which involves sending decreasing amounts of funds to new wallets and “peeling” off smaller amounts to new wallets.
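The peel chain pattern described above can be followed programmatically. The sketch below is an added example, not CertiK's tooling or code from the original article: it walks a constructed list of transfers and records each "peel". The addresses, amounts, function name and thresholds are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample transfers (not real chain data): sender and [(receiver, amount)].
Tx = namedtuple("Tx", "txid sender outputs")
SAMPLE_TXS = [
    Tx("t1", "A0", [("A1", 95.0), ("P1", 5.0)]),
    Tx("t2", "A1", [("A2", 90.0), ("P2", 5.0)]),
    Tx("t3", "A2", [("P3", 4.0), ("A3", 86.0)]),
    Tx("t4", "A3", [("X1", 30.0), ("X2", 28.0), ("X3", 28.0)]),  # fan-out ends the chain
    Tx("t5", "B0", [("B1", 10.0)]),  # unrelated single transfer
]

def trace_peel_chain(txs, start, min_remainder_ratio=0.8, min_hops=3):
    """Follow the large 'remainder' output hop by hop, recording each small peel.

    The thresholds are assumed heuristics chosen for this example.
    """
    by_sender = {}
    for tx in txs:
        by_sender.setdefault(tx.sender, []).append(tx)

    seen, current, prev_remainder, hops = {start}, start, float("inf"), []
    while True:
        spends = by_sender.get(current, [])
        # A peel hop is one spend with exactly two outputs: remainder and peel.
        if len(spends) != 1 or len(spends[0].outputs) != 2:
            break
        tx = spends[0]
        (rem_addr, rem_amt), (peel_addr, peel_amt) = sorted(
            tx.outputs, key=lambda o: o[1], reverse=True)
        total = rem_amt + peel_amt
        if total <= 0 or rem_amt / total < min_remainder_ratio:
            break  # split too even to be a peel
        if rem_addr in seen or rem_amt >= prev_remainder:
            break  # remainder must reach an address not yet on the path and keep shrinking
        hops.append({"txid": tx.txid, "from": current, "remainder_to": rem_addr,
                     "peeled_to": peel_addr, "peeled": peel_amt})
        seen.add(rem_addr)
        current, prev_remainder = rem_addr, rem_amt
    return {"is_peel_chain": len(hops) >= min_hops, "hops": hops, "end": current,
            "total_peeled": sum(h["peeled"] for h in hops)}

if __name__ == "__main__":
    result = trace_peel_chain(SAMPLE_TXS, "A0")
    for hop in result["hops"]:
        print(hop)
    print(result["is_peel_chain"], result["end"], result["total_peeled"])
```

On the sample data the trace stops at the three-way split, which is the point where a simple linear follow no longer works and each branch has to be traced separately.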

However, the hacker has recently been using a more sophisticated method to obscure the transfer of the illicit assets, said Brooks.

The new laundering method being employed by the FTX hacker as recorded on Oct. 2. Source: CertiK

The funds stored in the original Bitcoin wallet are distributed through multiple wallets, transferring smaller divisions of funds to a series of additional wallets, a tactic that “considerably prolongs” the tracing process.

Brooks said they have yet to identify any individuals or groups that could be behind the FTX hack, and that investigations are continuing.
