FTX Exchange, the target of a high-profile hacking incident in November 2022, has once again come under the spotlight as the anonymous hackers behind the attack have resumed their activities. Blockchain analytics firm Elliptic reported that a substantial portion of the stolen assets, totaling 72,500 Ether (ETH), has been on the move since the beginning of September 2023. This development coincides with the commencement of the trial of FTX founder Sam Bankman-Fried.
Stolen ETH converted to Bitcoin
According to Elliptic’s report, the hackers responsible for the FTX breach have converted approximately $120 million worth of Ether (ETH) into Bitcoin (BTC). The conversion took place through the multichain decentralized exchange THORSwap, with transactions occurring as recently as September 30, 2023. The BTC was then sent through the sanctioned cryptocurrency mixer Sinbad (formerly known as Blender).
The conversions started just days before Sam Bankman-Fried’s trial began on October 3. At the time of the original hack, the converted amount was worth $87 million, or 18% of the $477 million stolen in total.
The laundering technique employed in this recent series of transactions closely mirrors the approach used during the original hack in November 2022. During the initial breach, the hacker transferred 65,000 ETH, equivalent to $100 million, into Bitcoin using the cross-chain bridge known as RenBridge.
THORSwap takes action
THORSwap, the decentralized exchange used by the hacker for the latest ETH to BTC conversions, has taken measures to address the issue of illicit transactions. On October 6, THORSwap temporarily halted swaps on its platform to explore permanent solutions aimed at preventing unauthorized and suspicious transactions.
Elliptic’s report highlights that a significant portion of the stolen ETH, approximately 180,000 ETH, remained dormant until September 30, 2023, when it suddenly came back to life. At this point, the dormant assets had appreciated to a staggering value of $300 million.
Despite nearly a year passing since the initial FTX hack, the identity of the perpetrators remains unknown. Elliptic has suggested three potential actors who may be behind the theft: individuals with insider knowledge at FTX, the North Korean Lazarus Group, or Russia-linked criminal organizations.
Elliptic’s report raises the possibility that FTX employees were involved in the theft, noting that some employees would have had access to the exchange’s crypto assets for operational purposes. The chaotic circumstances surrounding the company’s bankruptcy and collapse could have presented an opportunity for an insider to seize these assets.