FTX hacker dumps 50,000 ETH, still among top 40 Ether holders

Published at: Nov. 21, 2022

The hacker who drained the bankrupt cryptocurrency exchange FTX started transferring their Ether (ETH) holdings to a new wallet address on Nov. 20. The FTX wallet drainer was the 27th largest ETH holder after the hack but dropped 10 positions after the weekend ETH dump.

The FTX hacker drained nearly $447 million out of multiple FTX global and FTX.US exchange wallets just hours after the crypto exchange filed for Chapter 11 bankruptcy on Nov. 11. The majority of the stolen funds were in ETH, making the exploiter the 27th largest ETH whale.

On Nov. 20, FTX wallet drainer 1 transferred 50,000 ETH to a new address, 0x866E. The new wallet address then swapped the ETH for renBTC (an ERC-20 version of BTC) and bridged it to two wallets on the Bitcoin blockchain. One of the wallets, bc1qvd…gpedg, held 1,070 renBTC, while the other, bc1qa…n0702, held 2,444 renBTC.

#CertiKSkynetAlert FTX Wallet Drainer is now the 37th largest holder of ETH. Dropped 10 places after transferring 50,000 ETH to 0x866E this morning. We’re also continuing to see ETH swapped for renBTC in 0x866E. Wallet currently holds ~1127 renBTC and ~19k ETH. pic.twitter.com/sPJjtoWwud

— CertiK Alert (@CertiKAlert) November 20, 2022

Crypto analytics group CertiK later tracked the bridged renBTC on the bc1qvd…gpedg address and found that the address employed a money laundering technique called a peel chain to launder the renBTC.

A peel chain is a technique for laundering a large amount of cryptocurrency through a lengthy series of minor transactions. A small portion is ‘peeled’ from the subject’s address in a low-value transfer. These incrementally laundered funds are often transferred to exchanges, where they can be converted to fiat currency or other crypto assets.
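The pattern described above can be flagged by walking the large "remainder" output from hop to hop and collecting the small outputs that split off. The sketch below is an added example, not code from the article or from CertiK; the addresses, amounts, thresholds and the one-sender-per-transaction model are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    sender: str      # simplified: one funding address per transaction
    outputs: tuple   # ((address, amount), ...) in whole BTC

def trace_peel_chain(txs, start, max_peel_ratio=0.10, min_hops=3):
    """Follow the large remainder output and record each small 'peel'.

    A hop counts as a peel when the address spends exactly once, into
    exactly two outputs, and the smaller output is at most
    max_peel_ratio of the total. Thresholds are illustrative assumptions.
    """
    by_sender = {}
    for tx in txs:
        by_sender.setdefault(tx.sender, []).append(tx)

    peels, current, seen = [], start, set()
    while current in by_sender and current not in seen:
        seen.add(current)  # guard against address reuse loops
        spends = by_sender[current]
        if len(spends) != 1 or len(spends[0].outputs) != 2:
            break
        small, large = sorted(spends[0].outputs, key=lambda o: o[1])
        total = small[1] + large[1]
        if total == 0 or small[1] / total > max_peel_ratio:
            break
        peels.append((spends[0].txid, small[0], small[1]))
        current = large[0]  # the remainder funds the next hop

    return {
        "is_peel_chain": len(peels) >= min_hops,
        "peels": peels,
        "remainder_address": current,
    }

# Constructed sample data: four peels from a 1000 BTC balance, plus one
# ordinary 50/50 payment that should not be flagged.
SAMPLE_TXS = [
    Tx("t1", "src", (("dep1", 20), ("hop1", 980))),
    Tx("t2", "hop1", (("hop2", 965), ("dep2", 15))),
    Tx("t3", "hop2", (("dep3", 30), ("hop3", 935))),
    Tx("t4", "hop3", (("dep4", 25), ("hop4", 910))),
    Tx("t5", "other", (("shop", 50), ("other_change", 50))),
]

if __name__ == "__main__":
    print(trace_peel_chain(SAMPLE_TXS, "src"))
```

The peeled destinations (`dep1` to `dep4` here) are the addresses an analyst would then check against known exchange deposit clusters.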


At the time of the FTX hack, there were two parties involved: a black hat that managed to drain $447 million and a white hat that managed to move $186 million of FTX assets to cold storage. However, when the Bahamian Securities and Exchange Commission released a notice suggesting it was trying to move assets from FTX, it raised many eyebrows, with many claiming that the securities regulator was, in fact, the black hat behind the exploit.

Did you see this? Bahamian SEC claims to have (tried to?) "transfer all digital assets" to a digital wallet that they, not FTX, controls. If FTX is the white hat, then isn't the Bahamian govt the black hat? https://t.co/ddbEmx2nyq

— zkSTONKs (@zkSTONKs) November 20, 2022

On-chain analyst ZachXBT highlighted the token transfer pattern of the black hat wallet and said that the wallet dumping tokens and bridging sporadically was very different behavior from that of the other addresses, which withdrew from FTX and instead sent funds to a multisig on chains like Ethereum or Tron.

Looking at the movement of funds and the techniques involved in their transfer, it is unlikely that FTX wallet drainer 1 is under the control of the Bahamian government based on today’s on-chain activity. The BTC activity is consistent with a peel chain, a form of money laundering that would be highly unusual for a government agency to be involved in.
