Recent activities by the unidentified hackers responsible for the theft of over $400 million from FTX and FTX US have raised concerns. It is suspected that the hackers have accelerated their movement of stolen funds in recent weeks, potentially utilizing the media attention surrounding Sam Bankman-Fried’s fraud trial as a smokescreen to conceal their illicit activities.
CertiK’s Director of Security Operations, Hugh Brooks, has shed light on the situation, suggesting that the hacker, known as “FTX Drainer,” has been actively transferring millions in Ether acquired from the November attack. These transactions have persisted throughout the trial, with the hacker moving approximately 15,000 ETH (equivalent to roughly $24 million) to three new wallet addresses in the last three days.
FTX Hacker Potentially Using SBF Trial as Cover to Move Stolen Funds, CertiK Warns
Brooks explained, “With the onset of the FTX trial and the substantial public attention and media coverage it is receiving, the individual accountable for draining the funds might be feeling an increased urgency to conceal the assets.” He also noted the possibility that the hacker believed the trial would divert so much attention from the Web3 industry that there wouldn’t be enough bandwidth to track all the stolen funds while simultaneously covering the trial.
FTX, once valued at $32 billion, declared bankruptcy on November 11, following massive fund withdrawals from the exchange’s wallets on the same day as the attack. Wired’s report on October 9 shed light on the events of the attack, revealing the team’s swift decision to transfer remaining funds to a privately owned Ledger cold wallet while awaiting BitGo’s response to take custody of the exchange’s assets post-bankruptcy. This strategic move likely prevented the hacker from gaining access to a full $1 billion during the raid.
Regarding the hacker’s attempts to obscure the illicit funds, CertiK reported a shift in their tactics. The hacker initially employed a “peel chain” method, sending decreasing amounts of funds to new wallets. However, they have recently adopted a more sophisticated approach, distributing funds from the original Bitcoin wallet through multiple wallets, which significantly complicates the tracing process.
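For readers who want to see how an investigator follows a peel chain, the sketch below is an added example, not code from CertiK or from the original report. It assumes a simplified ledger and the usual analyst reading of the pattern (a small amount is peeled off at each hop while the shrinking remainder moves to a fresh wallet); the wallet names, amounts and the `max_peel_ratio` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (not real chain data): (sender, [(receiver, amount), ...])
TXS = [
    ("W0", [("W1", 900.0), ("X1", 100.0)]),
    ("W1", [("X2", 80.0), ("W2", 820.0)]),
    ("W2", [("W3", 750.0), ("X3", 70.0)]),
    ("W3", [("A", 250.0), ("B", 250.0), ("C", 250.0)]),  # pattern changes to fan-out
    ("X1", [("Y1", 100.0)]),                             # peeled funds spent onward
]

def trace_peel_chain(txs, start, max_peel_ratio=0.5):
    """Follow the dominant output hop by hop while the spends look like a peel chain.

    A hop qualifies when the wallet's spends have exactly two outputs, the larger
    goes to a wallet not yet seen on the path, the smaller (the "peel") is at most
    max_peel_ratio of the larger, and the carried amount keeps decreasing.
    Returns (hops, stop_reason); a hop is (wallet, next_wallet, carried, peel_to, peeled).
    """
    spends = defaultdict(list)
    for sender, outputs in txs:
        spends[sender].extend(outputs)

    hops, seen, wallet = [], {start}, start
    while True:
        outputs = spends.get(wallet, [])
        if not outputs:
            return hops, "unspent"
        if len(outputs) != 2:
            return hops, "fan-out" if len(outputs) > 2 else "single-output"
        (big_to, big), (small_to, small) = sorted(outputs, key=lambda o: -o[1])
        if big_to in seen:
            return hops, "address-reuse"
        if small > max_peel_ratio * big:
            return hops, "no-dominant-output"
        if hops and big >= hops[-1][2]:
            return hops, "not-decreasing"
        hops.append((wallet, big_to, big, small_to, small))
        seen.add(big_to)
        wallet = big_to

if __name__ == "__main__":
    hops, reason = trace_peel_chain(TXS, "W0")
    for wallet, nxt, carried, peel_to, peeled in hops:
        print(f"{wallet} -> {nxt}: carried {carried}, peeled {peeled} to {peel_to}")
    print("chain ends:", reason)
```

The trace stops at the wallet where the two-output pattern gives way to a fan-out, which is the point where an analyst has to branch into several parallel traces instead of following a single path.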
Despite ongoing investigations, no individuals or groups associated with the FTX hack have been identified, according to Brooks.