Hacker Takes Advantage of Public Attention
The hacker responsible for stealing over $400 million from FTX and FTX US in November may be using the high-profile trial of Sam Bankman-Fried to further obscure the stolen funds, according to Hugh Brooks, Director of Security Operations at CertiK.
In the lead-up to Bankman-Fried's criminal trial, the hacker, known as "FTX Drainer," began moving millions in Ether that it had acquired from the November attack.
The movement of funds has continued during the trial, with the hacker transferring approximately 15,000 ETH (worth around $24 million) to three new wallet addresses in the past three days.
"With the start of the FTX trial and the significant public attention and media coverage it is receiving, the individual responsible for draining the funds may feel an increased urgency to hide the assets," said Brooks.
"It is also possible that the FTX drainer assumed that the trial would consume so much attention from the Web3 industry that there would be insufficient resources to trace all the stolen funds while also covering the trial concurrently."
FTX's Dramatic Fall and Fight to Protect Remaining Funds
FTX, once valued at $32 billion, declared bankruptcy on November 11. On the same day, FTX employees noticed large-scale withdrawals of funds from the exchange's wallets.
A report from Wired on October 9 sheds light on the events that unfolded during the night of the attack.
Upon discovering that the attacker had complete access to a series of wallets, the FTX team realized that "the fox was in the hen house" and acted swiftly to prevent further loss of funds.
While waiting for instructions from BitGo, the company in charge of handling the exchange's assets post-bankruptcy, the FTX team made the decision to transfer a substantial amount of the remaining funds (between $400 million and $500 million) to a privately owned Ledger cold wallet.
This move likely prevented the hacker from gaining access to a full $1 billion in the attack.
Evolving Methods of Fund Obfuscation
Meanwhile, Brooks revealed that the hacker seems to have altered its technique for hiding the stolen funds.
On November 21, the FTX hacker attempted to launder funds using a "peel chain" method, sending decreasing amounts of funds to new wallets and gradually diverting smaller amounts to additional wallets.
However, the hacker has since adopted a more sophisticated approach to obscure the transfer of illicit assets, explained Brooks.
The funds stored in the original Bitcoin wallet are now distributed among multiple wallets, with smaller divisions of funds being transferred to a series of additional wallets.
This tactic significantly prolongs the tracing process, making it more difficult to identify and recover the stolen funds.
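The "peel chain" pattern described above can be recognised from the tracer's side: follow the largest outflow from each address as the trunk, and log the smaller outflows as peels. The following is an added illustration, not code from CertiK or from the article, run over a constructed transfer list rather than real FTX addresses.

```python
from collections import defaultdict

# Constructed sample: (sender, receiver, amount in ETH). Not real FTX data.
TRANSFERS = [
    ("drainer", "hop1", 100.0), ("drainer", "peel_a", 5.0),
    ("hop1", "hop2", 90.0), ("hop1", "peel_b", 10.0),
    ("hop2", "hop3", 80.0), ("hop2", "peel_c", 10.0),
    ("hop3", "hop4", 70.0), ("hop3", "peel_d", 10.0),
    ("exchange", "user", 1.0),  # unrelated transfer, should not match
]

def build_outflows(transfers):
    """Index transfers by sender so each address's outflows can be listed."""
    out = defaultdict(list)
    for src, dst, amt in transfers:
        out[src].append((dst, amt))
    return out

def follow_peel_chain(transfers, origin, max_hops=50):
    """Walk the chain from `origin`: at each address the largest outflow is
    treated as the trunk that continues the chain, every smaller outflow is
    recorded as a peel. Stops at an address with no outflows, on a loop, or
    after max_hops."""
    out = build_outflows(transfers)
    hops, current, seen = [], origin, {origin}
    while current in out and len(hops) < max_hops:
        outflows = sorted(out[current], key=lambda x: x[1], reverse=True)
        trunk_to, trunk_amt = outflows[0]
        hops.append({"from": current, "to": trunk_to,
                     "amount": trunk_amt, "peels": outflows[1:]})
        if trunk_to in seen:  # funds returned to a known address: stop
            break
        seen.add(trunk_to)
        current = trunk_to
    return hops

def looks_like_peel_chain(hops, min_hops=3):
    """Heuristic: a trunk that shrinks on every hop, with at least one peel
    per hop, over a minimum number of hops."""
    if len(hops) < min_hops:
        return False
    amounts = [h["amount"] for h in hops]
    decreasing = all(a > b for a, b in zip(amounts, amounts[1:]))
    every_hop_peels = all(h["peels"] for h in hops)
    return decreasing and every_hop_peels

def total_peeled(hops):
    """Sum of everything diverted off the trunk; these are the addresses an
    investigator would queue for further tracing."""
    return sum(amt for h in hops for _, amt in h["peels"])
```

On the sample data the walk from `drainer` yields four hops with a trunk of 100, 90, 80, 70 ETH and 35 ETH peeled off, while the unrelated `exchange` transfer does not match.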
Ongoing Investigation
Brooks stated that no individuals or groups linked to the FTX hack have been identified yet, and investigations are still ongoing.