In a recent development surrounding the FTX hack, CertiK’s director of security operations, Hugh Brooks, has raised concerns that the hacker responsible for stealing over $400 million from FTX and FTX US in November might be leveraging the media attention surrounding Sam Bankman-Fried’s trial to conceal the movement of stolen funds. This news comes as the hacker, known as “FTX Drainer,” has been seen transferring millions in Ether gained from the attack, even as the trial unfolds.
The FTX hacker, under the alias “FTX Drainer,” initiated a series of transfers involving stolen Ether shortly before the commencement of Sam Bankman-Fried’s criminal trial. These movements have persisted throughout the trial’s duration, with the hacker shifting approximately 15,000 ETH, valued at around $24 million, to three new wallet addresses in the last three days.
Hugh Brooks of CertiK postulates that the heightened public scrutiny and media coverage surrounding the FTX trial may be motivating the hacker to expedite efforts to obscure the illicitly acquired assets. Brooks Suggests that the hacker may have anticipated that the trial’s prominence within the Web3 industry would divert attention away from tracking the stolen funds, thus providing an opportune smokescreen.
FTX’s high-stakes battle against a mysterious hacker
FTX, once a valuation heavyweight at $32 billion, declared bankruptcy on November 11th, the same day when the extent of the hacker’s actions became apparent. On that fateful day, FTX employees noticed substantial withdrawals from the exchange’s wallets. Recognizing the dire situation, the team took immediate action to safeguard the remaining assets, described as “the fox in the hen house.”
The team decided to transfer an astounding sum, between $400 and $500 million, into a privately owned Ledger cold wallet. This strategic move was made while awaiting a response from BitGo, the company responsible for taking custody of the exchange’s assets post-bankruptcy. This decision likely thwarted the hacker’s attempt to walk away with a full $1 billion.
Over the course of the investigation, it appears that the FTX hacker has altered their strategy for obscuring the stolen funds. Initially, on November 21st, they attempted to launder the assets through a “peel chain” method, involving the sequential transfer of decreasing amounts of funds to new wallets while “peeling” off smaller sums to newer wallets.
However, Brooks highlights that the hacker has since adopted a more sophisticated technique. The illicitly obtained funds have been fragmented and distributed across multiple wallets, with smaller portions being transferred to an array of additional wallets. This method significantly complicates efforts to trace and recover the assets, prolonging the investigative process.
Despite extensive efforts, investigators have yet to identify the individuals or groups responsible for the FTX hack. CertiK’s Hugh Brooks confirmed that the investigations remain ongoing as they work diligently to unmask the culprits behind this substantial cryptocurrency theft.
