Most of the funds taken from the insolvent exchange have been blended with those of Russian offenders.
Elliptic, a blockchain surveillance company, says there is a ‘robust likelihood’ that a mysterious Russian-associated entity was behind FTX’s hacking. First, the movement of funds while Sam Bankman-Fried (SBF) was in a courtroom in Manhattan raises doubts about the suggestion that he was behind the funds’ theft.
FTX Stolen Funds Movement Exonerates Bankman-Fried Involvement
In a blog post, Elliptic wrote that on October 4th, 2023, at 3:41 pm EST, stolen crypto worth $15M was moved. At that time, SBF was in court and had no access to the internet.
On Thursday, the firm published a timeline showing how the stolen funds were moved. Since the hack, most of the proceeds have been moved to Bitcoin (BTC) and run through ChipMixer, an illicit BTC privacy mixer since shut down by the Justice Department.
Elliptic wrote that, of the stolen assets that can be traced through ChipMixer, considerable amounts were merged with funds linked to Russian criminals, such as darknet markets and ransomware gangs, before being sent to exchanges. This indicates that a broker or intermediary connected to Russia was involved.
The exchange lost 9500 Ethereum to a mysterious hacker on the same day FTX filed for insolvency in November last year. In this case, the hacker transferred assets from a single FTX wallet to another address. Afterward, they took additional crypto assets amounting to $477M, including Wrapped Bitcoin, Pax Gold, Tether, and more.
Although some funds were frozen to comply with regulators, most were exchanged for alternative cryptocurrencies and moved to an alternative blockchain days later.
ChipMixer Deployed to Erase Blockchain Trail of Stolen Funds
According to Elliptic, the move aims to break the blockchain trail, making it harder to track funds. In addition, it makes it more challenging to offer access to blockchain services that promote laundering.
On November 20th, hackers used RenBridge to transfer 65000 ETH. Afterward, most of it was sent to ChipMixer. Ironically, Alameda Research, which had a common balance sheet with the hacked FTX exchange, owned RenBridge.
THORSwap was used to transfer another 72500 ETH ($120M) to BTC after a nine-month delay. So far, the interface has been suspended to address money laundering issues. With ChipMixer out of the equation, most funds were mixed via Sinbad. According to Elliptic, this mixer is a rebrand of Blender, which the United States Treasury Department sanctioned for its role with North Korea's Lazarus Group.
Despite the link, Elliptic is not convinced that Lazarus is responsible for the FTX hack, owing to the hacker’s moderately ‘simple’ money laundering tactics compared to those of the group.