Elliptic’s on-chain investigation indicates that the stolen funds seem to have connections with Russian cybercriminal organizations.
As the Manhattan trial of FTX's disgraced founder, Sam Bankman-Fried, continued to reveal astonishing details behind the crypto giant's unraveling, investigators elsewhere have found that the trail of funds stolen from the exchange has a Russian connection.
FTX filed for bankruptcy on November 11, 2022. Later that day, the exchange was hacked for $477 million.
Russia-Linked Actor Behind FTX Heist?
The majority of the funds, primarily in ether (ETH), remained inactive for five days. Then 65,000 ETH (equivalent to $100 million) was moved to the Bitcoin blockchain using the RenBridge service.
The perpetrators then used a mixer. Of the 4,536 bitcoin converted from ether through RenBridge, approximately 2,849 BTC were sent through mixers, predominantly a service called ChipMixer. At least $4 million found its way to crypto exchanges, where it could potentially be converted into cash.
There is speculation that the perpetrators could have made off with a larger sum if not for the swift action taken by FTX staff and bankruptcy advisors. They successfully safeguarded assets of over $300 million before the thief had a chance to gain access to them.
Blockchain intelligence firm Elliptic stated that a Russia-linked actor seems a stronger possibility behind the theft. Notably, a substantial portion of the pilfered assets, traceable through ChipMixer, appears to be mingled with funds from Russian-affiliated criminal organizations, such as ransomware collectives and darknet markets, before eventually being transferred to cryptocurrency exchanges.
This suggests the potential involvement of an intermediary, possibly a broker, with ties to Russia.
It is also worth highlighting that a significant portion of the stolen funds remained inactive for several months, only becoming active shortly before the start of Bankman-Fried's trial. This contrasts with the typical pattern, in which crypto money launderers are known to wait years before transferring and liquidating their assets, once public interest has waned.
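The flow described above (dormant stolen funds, a bridge hop to another chain, mixing with unrelated funds, then small amounts surfacing at exchanges) is what on-chain tracing tools reconstruct. The following is an added illustration, not Elliptic's code or data: it applies the proportional ("haircut") taint heuristic, in which each outgoing transfer carries stolen value in proportion to the sender's tainted share, over a constructed ledger whose addresses, amounts and timestamps are invented. Values are in a single unit so the cross-chain hop can be modelled as one bridge entity; the entity labels stand in for the attribution work an analyst would do separately.

```python
"""Proportional ("haircut") taint tracing over a constructed transfer ledger.

Added illustration: every address, amount and timestamp below is constructed and is
not real chain data from the FTX case. Amounts are in one unit of value so a
cross-chain hop (ETH in, BTC out) can be modelled as a single 'bridge' entity.
"""
from collections import defaultdict
from datetime import datetime

# Constructed entity labels, standing in for clustering/attribution results.
LABELS = {
    "atk1": "attacker",
    "bridge": "bridge",
    "mix1": "mixer",
    "exch1": "exchange",
    "exch2": "exchange",
    "ext1": "external",
}
RISKY = {"bridge", "mixer", "exchange"}  # hop types that warrant an alert

# Constructed ledger: (timestamp, sender, receiver, value). Unlabelled hop
# addresses are reported as "unknown".
LEDGER = [
    ("2022-11-12T00:00", "victim", "atk1", 1000.0),
    ("2022-11-17T00:00", "atk1", "bridge", 600.0),     # first move after 5 dormant days
    ("2022-11-17T02:00", "bridge", "hop1", 600.0),     # bridge output on the other chain
    ("2022-11-18T00:00", "ext1", "mix1", 400.0),       # clean deposit commingled in the mixer
    ("2022-11-18T01:00", "hop1", "mix1", 400.0),
    ("2022-11-19T00:00", "mix1", "hop2", 400.0),       # mixer output is now 50% tainted
    ("2022-11-20T00:00", "hop2", "exch1", 100.0),
    ("2022-11-21T00:00", "mix1", "exch2", 200.0),
]


def trace(ledger, victim, labels):
    """Propagate taint from `victim` through the ledger in timestamp order.

    Each address keeps a balance and the tainted part of it; an outgoing transfer
    carries taint in proportion to the sender's tainted share. Returns tainted value
    per entity label, dormancy in days (first tainted receipt to first spend) per
    address, and alerts for tainted value reaching a risky entity type.
    """
    balance = defaultdict(float)
    taint = defaultdict(float)
    exposure = defaultdict(float)
    first_receipt, first_spend = {}, {}
    alerts = []

    for ts, src, dst, amount in sorted(ledger):  # ISO timestamps sort lexicographically
        when = datetime.fromisoformat(ts)
        if src == victim:
            tainted = amount  # everything leaving the victim is stolen value
        else:
            share = taint[src] / balance[src] if balance[src] > 0 else 0.0
            tainted = amount * share
            balance[src] -= amount
            taint[src] -= tainted
            if tainted > 0 and src not in first_spend:
                first_spend[src] = when
        balance[dst] += amount
        taint[dst] += tainted
        if tainted > 0:
            first_receipt.setdefault(dst, when)
            label = labels.get(dst, "unknown")
            exposure[label] += tainted
            if label in RISKY:
                alerts.append((ts, src, dst, label, round(tainted, 2)))

    dormancy = {a: (first_spend[a] - first_receipt[a]).days
                for a in first_spend if a in first_receipt}
    return dict(exposure), dormancy, alerts


if __name__ == "__main__":
    exposure, dormancy, alerts = trace(LEDGER, "victim", LABELS)
    for label, value in sorted(exposure.items()):
        print(f"{label:10s} {value:8.1f}")
    print("dormancy (days):", dormancy)
    for alert in alerts:
        print("ALERT", alert)
```

On the constructed ledger the attacker address shows five dormant days before its first spend, the mixer emits outputs that are only half tainted because of the commingled clean deposit, and 150 units of stolen value end up at exchanges. The haircut rule is one of several attribution heuristics (FIFO and poison are others) and they can disagree on mixer outputs, so a real investigation reports which rule produced a figure.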
Possible Suspects
In its latest research, Elliptic also raised suspicions regarding FTX employees who would have had access to the business’s crypto assets to move them for operational reasons. Given the chaotic circumstances surrounding FTX’s bankruptcy and downfall, it could have been feasible for an insider to steal these assets.
Bankman-Fried is another person under suspicion, but Elliptic acknowledged that his limited internet access would hinder any laundering attempts.
Elliptic also indicated that FTX’s lax security practices may have facilitated the theft by an external party. The new CEO of FTX revealed that private keys granting access to the company’s crypto assets were stored without encryption, and a former employee disclosed that over $150 million was taken from Alameda Research due to inadequate security measures.
Moreover, the utilization of the Sinbad mixer could potentially suggest the involvement of North Korea’s Lazarus Group, known for some of the largest digital asset heists. However, the methods used to launder the stolen assets appear distinct and less sophisticated compared to Lazarus Group’s typical tactics.