In a recent development, blockchain analytics company Elliptic may have made significant strides in identifying the group responsible for the multi-million-dollar hack that plagued the now-defunct cryptocurrency platform FTX. Their investigation delved into the purportedly unsophisticated methods employed by the hackers in money laundering.
FTX, a crypto empire, plunged into bankruptcy in November 2021, and its co-founder, Sam Bankman-Fried, stepped down from his role as the CEO of the crypto derivatives exchange. Subsequently, the platform fell victim to malicious actors who siphoned off an estimated $477 million worth of cryptocurrencies from its reserves.
For a considerable duration, the identity of the attacker remained shrouded in mystery. However, their recent activities, commencing in late September, piqued the interest of the cryptocurrency community. This intrigue was further fueled by the fact that, after nearly a year of inactivity, they began transferring substantial sums of funds.
Elliptic’s Findings
Based on Elliptic’s most recent findings, the method employed by the FTX attacker to launder their ill-gotten gains is “distinct and unsophisticated” when compared to the techniques typically utilized by the North Korea-backed Lazarus Group. Their approach involves converting the stolen assets into Bitcoin by utilizing RenBridge, a service owned by Alameda Research, the bankrupt cryptocurrency hedge fund co-founded by Bankman-Fried, in addition to ChipMixer and other cryptocurrency mixing tools aimed at obfuscating their trail.
Speculations and Clarifications
Speculations emerged last year suggesting that Bankman-Fried may have orchestrated the hack of his own empire as a means of salvaging some funds. However, Elliptic’s analysis, based on the available data, challenges this theory.
Elliptic’s report suggests an alternative scenario, pointing to a Russia-linked actor as a stronger possibility. The investigation uncovered that a significant portion of the stolen assets, traceable through ChipMixer, were combined with funds from Russian-linked criminal groups, including ransomware gangs and darknet markets, before ultimately finding their way to cryptocurrency exchanges.
A Closer Look at the Stolen FTX Funds
The majority of the pilfered FTX funds were held in Ether (ETH) and remained dormant for several days. Subsequently, the attacker moved 65,000 ETH, which equates to approximately $100 million, using RenBridge, followed by ChipMixer, and managed to cash out “at least US$4 million” after these funds were deposited on various cryptocurrency exchange platforms.
Indications of Russian Links
Tom Robinson, co-founder and chief scientist at Elliptic, pointed out that “It’s looking increasingly likely that the perpetrator has links to Russia.” It’s essential to note that Elliptic refrains from explicitly attributing the hack to a Russian actor, but the findings do suggest it as a distinct possibility.
Connecting the Dots
Elliptic was the first to establish a connection between the FTX hacker and Russian cybercrime, particularly when they uncovered that some of the funds ended up in the same locations where cryptocurrencies originating from Russian-linked ransomware hackers and dark web markets were stored.
Consideration of Insider Involvement
In a balanced approach, Elliptic acknowledged the potential for insider involvement in the hack or its execution. They raised the possibility that some FTX employees might have exploited the turmoil that ensued when the company declared bankruptcy to transfer the cryptocurrency assets.
Conclusion
The investigation conducted by Elliptic provides valuable insights into the identity and potential motives of the FTX crypto hack perpetrator. While conclusive attribution remains elusive, the data suggests a link to Russia and sheds light on the methods used to launder the stolen funds. As the cryptocurrency world continues to grapple with security challenges, such investigations serve as a critical tool in understanding and combating malicious actors in the space.