FTX stolen funds: Russian hackers may be behind the theft

Key Points:

  • FTX suffered a $475 million hack, with the stolen assets funneled through various platforms and mixed with Russian-affiliated funds.
  • The identity of the hacker behind the FTX stolen funds remains unknown, but there is speculation about the involvement of Russia-linked actors and a possible insider within FTX.
  • The movement of stolen assets coincided with Bankman-Fried’s court appearance, raising doubts about his involvement in the fund laundering.

According to analysis by blockchain intelligence firm Elliptic, on-chain data suggests that Russian hackers may be behind the FTX stolen funds rather than the Lazarus Group, a North Korean hacking group that had previously been suspected.

The investigation of FTX stolen funds

In the aftermath of the collapse of the FTX crypto exchange, a catastrophic event occurred – a massive $475 million hack. Elliptic, a blockchain analytics firm, has revealed findings that shed light on this crisis. Immediately after the breach, $74 million was funneled through RenBridge, which is affiliated with FTX’s sister company, Alameda Research. Out of the $74 million converted from ether at RenBridge in November, 2,849 BTC predominantly went through a platform called ChipMixer, mixing with assets connected to Russian criminal networks.

Elliptic suspected Russian involvement, as stolen assets were mingling with Russian-affiliated funds. Most of the stolen funds remained inactive until just before the Bankman-Fried trial, when approximately 72,500 ETH (worth $120 million) was converted to Bitcoin using THORSwap. Even after THORSwap halted operations, the hacker continued to move funds through THORChain. The bridged bitcoin was then transferred through Sinbad, which is linked to North Korea’s Lazarus Group. While Sinbad raised suspicions, Elliptic argued for a simpler money laundering method, suggesting a stronger connection to Russia.

Hacker behind FTX stolen funds: Identity Remains Elusive

Despite extensive investigation, the hacker’s identity remains elusive. Speculation abounds, including the possibility of an inside job involving FTX staff or implicating Bankman-Fried. “A Russia-linked actor seems a stronger possibility,” Elliptic said. “Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges. This points to the involvement of a broker or other intermediary with a nexus in Russia.”

On the question of who laundered the funds, however, Elliptic pointed out a crucial detail: on October 4, 2023, $15 million of stolen assets moved via THORChain while Bankman-Fried was in court without internet access, casting doubt on his involvement. Bankman-Fried is currently on trial in New York, facing charges of defrauding investors out of billions of dollars. He denies all allegations.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
