CertiK Suggests FTX Hacker Is Hiding Behind the SBF Trial

The hacker who stole over $400 million from FTX and FTX US in November may be leveraging the publicity surrounding Sam Bankman-Fried’s fraud trial to further conceal the assets, according to Hugh Brooks, director of security operations at CertiK.

The FTX hacker, dubbed “FTX Drainer,” started transferring millions of dollars’ worth of Ether it had gained in the November attack just days before the start of Bankman-Fried’s criminal trial.

All through the trial, the commotion has persisted. The hacker moved almost 15,000 ETH to three different wallet addresses in the previous three days, a total value of about $24 million.

Brooks speculated that whoever was responsible for the theft of the FTX cash might be feeling more pressure to keep the money hidden now that the trial had begun and received so much media attention.

In addition, “It’s also plausible that the FTX drainer harbored an assumption that the trial would monopolize so much attention from the Web3 industry that there would be insufficient bandwidth to trace all stolen funds while also covering the trial concurrently.”

Once worth $32 billion, FTX filed for bankruptcy on November 11. On the same day, FTX workers noticed unusually large withdrawals from the exchange’s wallets.

Wired published an article on the night of October 9 that sheds new light on what happened the night of the attack.

Employees at FTX announced that “the fox [was] in the hen house” after discovering that the attacker had full access to a number of wallets and hurried to protect the remaining funds from the hacker.

While waiting to hear back from BitGo, the business tasked with assuming custody of the exchange’s assets following the bankruptcy, the team apparently decided to move a stunning amount of the remaining cash, between $400 and $500 million, to a privately owned Ledger cold wallet.

This action probably stopped the attacker from stealing the full $1 billion.

Meanwhile, Brooks noted that the hacker appeared to have shifted tactics regarding the concealment of financial transactions.

On November 21st, the FTX hacker was caught trying to launder money via the “peel chain” approach, which entails sending smaller and smaller amounts of money to new wallets, or “peeling” them off.
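For investigators, the peel-chain pattern described above can be followed mechanically. The sketch below is an added example, not code from CertiK or from the article; it assumes the common form of the pattern, in which each transaction splits a balance into one small "peeled" output and one large remainder sent on to a fresh address. The ledger, the address names and the 20% threshold are constructed for illustration.

```python
from collections import namedtuple

Hop = namedtuple("Hop", "txid peel_to peeled remainder_to remainder")

# Constructed sample ledger (not real FTX data): each transaction spends
# the whole balance of one address into a list of (address, amount) outputs.
SAMPLE_TXS = [
    {"txid": "t1", "from": "A0", "outs": [("X1", 5.0), ("A1", 95.0)]},
    {"txid": "t2", "from": "A1", "outs": [("A2", 91.0), ("X2", 4.0)]},
    {"txid": "t3", "from": "A2", "outs": [("X3", 6.0), ("A3", 85.0)]},
    {"txid": "t4", "from": "A3", "outs": [("X4", 40.0), ("X5", 45.0)]},  # even split, not a peel
    {"txid": "t9", "from": "B0", "outs": [("B1", 10.0)]},  # unrelated single payment
]

def trace_peel_chain(txs, start, max_peel_ratio=0.2):
    """Follow the large 'remainder' output hop by hop from `start`.

    A hop counts as a peel when the transaction has exactly two outputs,
    the smaller one is at most `max_peel_ratio` of the total (assumed
    threshold), and the remainder lands on an address not seen earlier.
    """
    by_sender = {tx["from"]: tx for tx in txs}
    seen, hops, current = {start}, [], start
    while current in by_sender:
        tx = by_sender[current]
        if len(tx["outs"]) != 2:
            break
        (peel_to, peeled), (rem_to, remainder) = sorted(tx["outs"], key=lambda o: o[1])
        total = peeled + remainder
        if total <= 0 or peeled / total > max_peel_ratio or rem_to in seen:
            break
        hops.append(Hop(tx["txid"], peel_to, peeled, rem_to, remainder))
        seen.add(rem_to)
        current = rem_to
    return hops

def is_peel_chain(hops, min_hops=3):
    """Flag a chain only when enough consecutive peels were observed."""
    return len(hops) >= min_hops

if __name__ == "__main__":
    chain = trace_peel_chain(SAMPLE_TXS, "A0")
    for hop in chain:
        print(hop)
    print("peel chain:", is_peel_chain(chain))
```

The peeled outputs (X1, X2, X3 in the sample) are the addresses an analyst would then check against known exchange or service deposit addresses.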

However, Brooks claims that the hacker is now employing a more sophisticated approach to conceal the movement of the stolen funds.

Multiple Bitcoin wallets are used to move small amounts of money from the originating Bitcoin wallet to a chain of other wallets, a strategy that “considerably prolongs” the tracing process.

According to Brooks, the FTX breach is still being investigated and no suspects have been identified.
