Share this article
Tech
FTX 'Hacker' Moved 15K ETH This Weekend
The moving funds, coming soon before FTX founder and former chief executive Sam Bankman-Fried goes on trial, deepens one of the ongoing mysteries around the exchange's collapse last year.
Updated Oct 2, 2023, 8:04 p.m. Published Oct 2, 2023, 7:47 a.m.
All 15,000 ether (ETH) sitting in a wallet associated with last year's $600 million attack on FTX's wallets have now moved through privacy tools and bridges.
In November 2022, hours after FTX and its related companies filed for bankruptcy, an unknown party managed to drain various wallets of as much as $600 million. About $26 million worth of ETH – 15,000 ether – sat in a single wallet until earlier this weekend, when a first tranche of 2,500 ETH ($4 million) began moving, ultimately ending up at the Thorchain bridge, the Railgun privacy wallet, or intermediary addresses.
The remainder of these funds have now moved, with many of them similarly landing up at the Thorchain router. Some of these funds also went to a contract labeled "Metamask: Swap Router."
Railgun is a privacy wallet that lets users store tokens and use funds for decentralized financial services, such as lending and borrowing. These transactions are shielded, meaning the exact use of such funds is not known. On the other hand, Thorchain is a bridge that lets users freely swap tokens between different blockchains without the fear of getting their transfers blocked.
As such, addresses associated with the exploit may have moved over $32 million worth of ether using THORChain, as per estimates.
The moving funds, coming soon before FTX founder and former chief executive Sam Bankman-Fried goes on trial, deepens one of the ongoing mysteries around the exchange's collapse last year. The identity of the party or parties behind the attack was never identified.
Read more: Millions in Ether Tied to FTX 'Hacker' on The Move
After the exploit, several addresses amassed various tokens, such as ETH and the dai (DAI) stablecoin, and swapped it all into 37,000 ether. The address held more than 288,000 ether at peak and was once the 35th-largest owner of the cryptocurrency, as previously reported.
Here's the hacks / stolen funds I identified so you can check my work:
— Tay 💖 (@tayvano_) October 1, 2023
1. FTX Accounts Drainer (Not DPRK)
Total: 19,944 ETH (~$32m)
7,499 ETH in 4 Txn - 0x6e0e8dac46c3ebffd67887097dfda10d11dcbab6
4,749 ETH in 3 Txn - 0x68cc13a43da1e1ba7de3002df8a07665ea8b5f5f
3,999 ETH in 3…
Bankman-Fried was charged with two counts of wire fraud and five counts of conspiracy to commit various forms of fraud by federal prosecutors last year, weeks after stepping down from his role at FTX. He resigned the same day FTX filed for bankruptcy.
With reporting by Bradley Keoun.
Nikhilesh De
Nikhilesh De is CoinDesk's managing editor for global policy and regulation, covering regulators, lawmakers and institutions. When he's not reporting on digital assets and policy, he can be found admiring Amtrak or building LEGO trains. He owns < $50 in BTC and < $20 in ETH. He was named the Association of Cryptocurrency Journalists and Researchers' Journalist of the Year in 2020.
Shaurya Malwa
Shaurya is the Co-Leader of the CoinDesk tokens and data team in Asia with a focus on crypto derivatives, DeFi, market microstructure, and protocol analysis. Shaurya holds over $1,000 in BTC, ETH, SOL, AVAX, SUSHI, CRV, NEAR, YFI, YFII, SHIB, DOGE, USDT, USDC, BNB, MANA, MLN, LINK, XMR, ALGO, VET, CAKE, AAVE, COMP, ROOK, TRX, SNX, RUNE, FTM, ZIL, KSM, ENJ, CKB, JOE, GHST, PERP, BTRFLY, OHM, BANANA, ROME, BURGER, SPIRIT, and ORCA. He provides over $1,000 to liquidity pools on Compound, Curve, SushiSwap, PancakeSwap, BurgerSwap, Orca, AnySwap, SpiritSwap, Rook Protocol, Yearn Finance, Synthetix, Harvest, Redacted Cartel, OlympusDAO, Rome, Trader Joe, and SUN.
