The director of security operations at CertiK, Hugh Brooks, suggests that the hacker responsible for the theft of over $400 million from FTX and FTX US in November may be taking advantage of the attention surrounding Sam Bankman-Fried’s fraud trial to further conceal the stolen funds. This comes as the hacker, known as “FTX Drainer,” has recently been moving millions of dollars worth of Ether gained from the attack.
The movements of the stolen funds have been ongoing throughout the trial, with the hacker transferring approximately 15,000 ETH (equivalent to $24 million) to three new wallet addresses in the last three days. Brooks speculates that the hacker might feel an increased urgency to hide the assets due to the media coverage and public attention surrounding the trial.
It is also plausible that the FTX drainer anticipated that the trial would monopolize the Web3 industry's attention, leaving investigators with less capacity to trace the stolen funds while they were also following the proceedings. If so, the hacker could use that shift in focus to avoid detection.
In November, FTX, which had been valued at $32 billion, declared bankruptcy. On the same day, employees of the exchange noticed large unauthorized withdrawals from its wallets. A report from Wired sheds light on what unfolded during the attack. Once the FTX team realized that the attacker had complete access to a series of wallets, they scrambled to move a substantial share of the remaining funds, estimated at $400 million to $500 million, into a privately owned Ledger cold wallet while awaiting instructions from BitGo, the company responsible for custody of the exchange's assets after the bankruptcy. That move likely kept the hacker from getting away with a full $1 billion.
Brooks also reports that the hacker has changed how the stolen funds are concealed. Initially, the FTX drainer tried to launder them with a "peel chain": the bulk of a balance is passed from one fresh wallet to the next, and at each hop a smaller amount is peeled off to a separate address, so the sum travelling along the chain shrinks with every step. The hacker has since adopted a more elaborate technique that distributes the funds held in the original Bitcoin wallet across many wallets at once, which makes the transactions harder to trace.
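To make the two laundering patterns concrete, the following Python script is an added example (it is not code from the article or from CertiK) that walks a constructed list of transfers. It follows the dominant flow from a starting address, records the small "peeled" outputs at each hop, and stops where the pattern changes to a fan-out across several wallets. The addresses (drainer, h1..h4, peel1..peel3, d1..d4), the amounts and the thresholds are all hypothetical and chosen only for illustration.

```python
"""Trace a peel chain through a constructed transfer list and spot the
point where it turns into a fan-out across several wallets.

Added example, not code from the original article or from CertiK. The
transfers below are constructed; addresses are hypothetical labels.
"""
from collections import defaultdict

# Constructed sample: (sender, receiver, amount in ETH). Each hop h1..h3
# forwards most of its balance and peels a small amount to a side address;
# h4 instead splits its balance evenly across four new wallets.
TXS = [
    ("drainer", "h1", 1000.0),
    ("h1", "h2", 950.0), ("h1", "peel1", 50.0),
    ("h2", "h3", 900.0), ("h2", "peel2", 50.0),
    ("h3", "h4", 860.0), ("h3", "peel3", 40.0),
    ("h4", "d1", 215.0), ("h4", "d2", 215.0),
    ("h4", "d3", 215.0), ("h4", "d4", 215.0),
]


def outflows(txs):
    """Map each address to the list of (receiver, amount) it sent."""
    out = defaultdict(list)
    for sender, receiver, amount in txs:
        out[sender].append((receiver, amount))
    return out


def classify_hop(sends, peel_ratio=0.2):
    """Return (main_receiver, peeled_outputs) if `sends` looks like a peel
    hop: one receiver takes most of the value and every other output is at
    most `peel_ratio` of the total. Otherwise return None."""
    total = sum(a for _, a in sends)
    if total == 0 or len(sends) < 2:
        return None
    main_r, _ = max(sends, key=lambda x: x[1])
    peeled = [(r, a) for r, a in sends if r != main_r]
    if all(a <= peel_ratio * total for _, a in peeled):
        return main_r, peeled
    return None


def is_fan_out(sends, min_outputs=3, max_share=0.5):
    """True when an address splits its balance across several receivers
    with no single receiver dominating (hypothetical thresholds)."""
    total = sum(a for _, a in sends)
    if len(sends) < min_outputs or total == 0:
        return False
    return max(a for _, a in sends) <= max_share * total


def trace_peel_chain(txs, start, peel_ratio=0.2):
    """Follow the dominant flow from `start` while each hop is a peel.

    Returns (chain, peeled, terminal_sends): the addresses visited in
    order, the (receiver, amount) pairs peeled off along the way, and the
    outgoing transfers of the address where the peel pattern stopped.
    """
    out = outflows(txs)
    chain, peeled, seen = [start], [], {start}
    cur = start
    while True:
        sends = out.get(cur, [])
        if len(sends) == 1:          # plain forward, nothing peeled
            nxt = sends[0][0]
        else:
            hop = classify_hop(sends, peel_ratio)
            if hop is None:          # pattern changed (fan-out or dead end)
                break
            nxt, p = hop
            peeled.extend(p)
        if nxt in seen:              # guard against cycles in the graph
            break
        seen.add(nxt)
        chain.append(nxt)
        cur = nxt
    return chain, peeled, out.get(cur, [])


if __name__ == "__main__":
    chain, peeled, terminal = trace_peel_chain(TXS, "drainer")
    print("peel chain:", " -> ".join(chain))
    print("peeled off:", peeled, "total", sum(a for _, a in peeled))
    print("terminal fan-out:", is_fan_out(terminal), terminal)
```

On the constructed data the chain runs drainer -> h1 -> h2 -> h3 -> h4, 140 ETH is peeled off along the way, and h4 is flagged as a fan-out rather than another peel. The thresholds (20% peel share, at least three outputs with none above half the total) are illustrative; on real chain data they would be tuned per asset and combined with timing and exchange-deposit heuristics.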
At present, investigations into the FTX hack are ongoing, and no specific individuals or groups have been identified as responsible for the attack. Brooks and his team at CertiK continue to work towards uncovering the truth behind the theft.
The FTX hack serves as a reminder of the vulnerabilities within the cryptocurrency industry and the importance of robust security measures. As the industry continues to grow and attract more attention, hackers are constantly devising new ways to exploit weaknesses. It is crucial for businesses and individuals involved in cryptocurrencies to remain vigilant and implement strong security measures to protect their assets.