The director of security operations at CertiK, Hugh Brooks, believes that the hacker responsible for the $400 million theft from FTX and FTX US in November may be taking advantage of the attention surrounding Sam Bankman-Fried’s fraud trial to hide the stolen funds. The hacker, known as “FTX Drainer,” began moving millions of dollars in Ether gained from the November attack just days before Bankman-Fried’s trial began. These movements have continued throughout the trial, with the hacker transferring approximately 15,000 ETH (worth around $24 million) to three new wallet addresses in the last three days.
According to Brooks, the hacker may feel an increased urgency to conceal the stolen assets because of the publicity and media coverage of the FTX trial. He suggests that the hacker might have assumed the trial would monopolize the attention of the Web3 industry, making it difficult for investigators to trace the stolen funds while the trial was being covered at the same time.
FTX, previously valued at $32 billion, filed for bankruptcy on November 11. On the same day, employees at FTX noticed significant withdrawals of funds from the exchange’s wallets. A report from Wired on October 9 sheds light on the events that occurred during the night of the attack. Upon realizing that the attacker had complete access to several wallets, FTX employees panicked and took action to prevent the hacker from reaching the remaining funds. They decided to transfer a substantial portion of the remaining funds, estimated at between $400 million and $500 million, to a privately owned Ledger cold wallet while awaiting instructions from BitGo, the company responsible for taking custody of the exchange’s assets post-bankruptcy. This move likely prevented the hacker from acquiring a full $1 billion in the attack.
In the meantime, Brooks noted that the hacker appears to have changed their method for obfuscating the stolen funds. Initially, on November 21, the FTX hacker attempted to launder the funds using a “peel chain” method, involving transferring decreasing amounts of funds to new wallets and “peeling off” smaller amounts to even more wallets. However, the hacker has since adopted a more sophisticated method of obfuscation, making it harder to trace the illicit assets. The funds stored in the original Bitcoin wallet are now distributed through multiple wallets, with smaller divisions of funds being transferred to numerous additional wallets, significantly prolonging the tracing process.
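To make the "peel chain" pattern concrete from the tracing side, here is an added example (not CertiK's tooling or anything from the article) that follows a peel chain through a constructed, Bitcoin-style UTXO transaction set: at each hop the dominant output is treated as the chain continuation and the small outputs as the peeled-off amounts. The transaction IDs, addresses, amounts and the 0.8 dominance threshold are all constructed assumptions.

```python
# Heuristic peel-chain tracer over a simplified UTXO model (added example).
# Each tx has a list of (address, amount) outputs; `spent_by` maps an
# output (txid, index) to the txid that later spends it.

# Constructed sample data: three peel hops, then an even split that ends the chain.
TXS = {
    "tx0": {"outputs": [("chain1", 95.0), ("peel1", 5.0)]},
    "tx1": {"outputs": [("chain2", 90.0), ("peel2", 5.0)]},
    "tx2": {"outputs": [("chain3", 86.0), ("peel3", 4.0)]},
    "tx3": {"outputs": [("split_a", 43.0), ("split_b", 43.0)]},
}
SPENT_BY = {("tx0", 0): "tx1", ("tx1", 0): "tx2", ("tx2", 0): "tx3"}


def trace_peel_chain(start_txid, txs, spent_by, min_ratio=0.8, max_hops=1000):
    """Follow the largest output hop by hop while it stays dominant.

    A hop counts as a peel when the biggest output holds at least
    `min_ratio` of the total; smaller outputs are the peeled amounts.
    Returns one record per peel hop, in order.
    """
    hops = []
    txid = start_txid
    seen = set()
    while txid in txs and txid not in seen and len(hops) < max_hops:
        seen.add(txid)
        outs = txs[txid]["outputs"]
        total = sum(amount for _, amount in outs)
        if total <= 0:
            break
        cont_idx = max(range(len(outs)), key=lambda i: outs[i][1])
        cont_addr, cont_amt = outs[cont_idx]
        if cont_amt / total < min_ratio:
            break  # no dominant output: the peel pattern ends here
        hops.append({
            "txid": txid,
            "continuation": cont_addr,
            "kept": cont_amt,
            "peeled": [(a, amt) for i, (a, amt) in enumerate(outs) if i != cont_idx],
        })
        txid = spent_by.get((txid, cont_idx))  # None if still unspent
    return hops


def total_peeled(hops):
    """Sum of all amounts peeled off along the traced chain."""
    return sum(amt for hop in hops for _, amt in hop["peeled"])
```

The threshold is a heuristic: a real tracer would also check timing, address reuse and the spend of each peeled output before treating a hop as part of one chain.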
Despite ongoing investigations, Brooks stated that no individuals or groups responsible for the FTX hack have been identified thus far. The hunt for the hacker and recovery of the stolen funds continue.
In conclusion, the FTX hacker known as “FTX Drainer” has been moving millions of dollars in Ether gained from the November attack during the trial of Sam Bankman-Fried. The hacker may be using the trial as an opportunity to hide the stolen funds. FTX, which declared bankruptcy in November, managed to prevent the hacker from accessing a large portion of the remaining funds by transferring them to a privately owned cold wallet. The hacker has since changed their method of obfuscating the stolen funds, making it harder to trace them. Investigations into the FTX hack are ongoing, but no suspects have been identified yet.