The FTX attacker, nearly dormant for almost 10 months since the hacking incident, suddenly began converting millions of dollars worth of ETH to BTC at the end of September. The timing of these significant fund transfers coincides with the start of the trial of FTX founder Sam Bankman-Fried, serving as a perfect cover to conceal the illegal activities of the hacker group.
CertiK’s Director of Security, Hugh Brooks, stated that the hacker group, which stole $400 million from the FTX exchange, is leveraging the media attention on Bankman-Fried to make handling the illegally acquired assets easier.
On November 11, 2022, accounts related to both FTX and FTX US were drained just hours after FTX declared bankruptcy. This event occurred shortly after the company’s founder, SBF, announced his departure from the global cryptocurrency empire.
In early October, the transferred amounts were relatively low, ranging from 1,250 ETH to 2,500 ETH. However, on October 2, the hacker executed a transaction of up to 4,500 ETH. Subsequently, the transaction amounts mostly increased to 7,500 ETH each.
Before the October 4th transaction, the hacker had transferred 30,000 ETH on October 2nd and 3rd in four installments of 7,500 ETH each. The tokens were converted to BTC through THORChain and Railgun.
The identity of the hacker remains a mystery, but they are cunning criminals using sophisticated methods to legitimize illicit assets. According to Brooks, “After storing in a Bitcoin wallet, hackers began transferring the entire sum through multiple additional wallets to make it difficult for investigative teams to trace.”
John J. Ray III, assuming the role of CEO and Director of Restructuring Oversight Procedures at FTX, later reported that the hack resulted in a loss of $323 million in various types of tokens from FTX’s international exchange. The U.S. platform suffered a separate loss of $90 million.