A year after the collapse of FTX, one of the largest cryptocurrency exchanges in the world, the hacker who stole $477 million worth of crypto assets from the platform has resumed moving and laundering the funds.
According to blockchain analytics firm Elliptic, the hacker initially swapped the stolen tokens for Ether (ETH) and Bitcoin (BTC) using decentralized exchanges (DEXs) and cross-chain bridges, services that allow users to transfer assets between different blockchains without intermediaries.
The FTX Hacker Continues to Move Money Around
The hacker also used mixers, such as ChipMixer and Sinbad, to obscure the origin and destination of the funds by blending them with other users’ cryptoassets. However, the hacker lost about $94 million in the process, due to seizures by token issuers, exchange fees, and price fluctuations.
The hacker then paused the laundering activity for nine months, until late September 2023, just before the start of the trial of Sam Bankman-Fried, the former CEO of FTX, who was arrested and charged with embezzling billions of dollars from customers.
Since then, the hacker has moved about $120 million worth of ETH to BTC using another cross-chain bridge called THORSwap, which was recently suspended due to its involvement in illicit transactions.
The hacker has also continued to use Sinbad, a mixer that is linked to North Korea’s Lazarus Group, a notorious cybercrime syndicate that has been behind some of the biggest crypto heists in history.
Elliptic suggests that the hacker may have connections to Russia-based criminal groups, such as ransomware gangs and darknet markets, as some of the stolen funds have been combined with bitcoins being laundered by these actors.
The hacker’s identity and motive remain unknown, as does whether they acted alone or with accomplices. Elliptic says that it is possible that the hacker was an insider who had access to FTX’s private keys, or an external attacker who exploited FTX’s poor security practices.
The case of FTX highlights the challenges and risks of crypto laundering, as well as the need for effective regulation and oversight of the crypto industry. Elliptic’s latest report on cross-chain crime provides insights and guidance on how to detect and investigate these complex cases.