Elliptic: FTX Hacker Laundered Stolen Crypto Funds Through Russian Crime Networks


The astronomical $477 million theft from the now-defunct crypto exchange FTX occurred almost a year ago, yet the hacker is still at large. However, Elliptic, a top blockchain analytics company, has painstakingly charted the convoluted path of the stolen money, illuminating the offender's attempts to launder the funds and cover their tracks. A chunk of the stolen assets was allegedly mixed with bitcoins connected to infamous Russian cyber groups.


Stolen FTX Crypto Trail Mapped by Elliptic, with Connections to Russian Cyber Gangs

A turbulent November 2022 saw FTX file for bankruptcy. Its CEO, Sam Bankman-Fried (SBF), was accused of stealing money from customers on that same day. A cunning hacker took advantage of the opportunity and stole a startling amount from FTX's open wallets. Recent research from Elliptic shows that the cybercriminal quickly started a laundering spree through decentralized exchanges and cross-chain bridges in order to hide their trail and avoid asset seizure.


The hacker skillfully converted the stolen tokens into popular cryptocurrencies like ether using services like RenBridge before transferring the money into bitcoin. Elliptic reported that RenBridge, a platform ironically run by FTX's sister company Alameda Research, saw a flow of approximately $74 million. According to Elliptic's analysis, the hacker sent the bitcoin through mixing services like ChipMixer to further obscure their actions.

A screenshot taken with Elliptic's Investigator software shows the stolen assets being swapped to ETH via decentralized exchange (DEX) platforms. These are then transferred through ChipMixer and bridged to BTC.


A sizeable amount of ether worth more than $300 million was left untouched in the perpetrator's digital safe for almost nine months. The hacker restarted laundering operations as September 2023 drew to a close, using new cross-chain bridges and bitcoin mixers because older ones had been subject to restrictions or confiscation.


By tracing the funds, Elliptic's investigators were able to identify instances where the laundered money appeared on exchanges after being mixed in with other transactions. Elliptic asserts that these transactions came into contact with accounts connected to Russia-based fraudsters. Such hints point to the probability that the hacker is from Eastern Europe, departing from earlier suspicions that the offender is a member of North Korea's infamous Lazarus Group, even though the hacker's true identity is still unknown.


What do you think of Elliptic's research finding that the FTX hacker used Russian cyber gangs to funnel money? Post your ideas and viewpoints on this topic in the comments area below.

