Blockchain Analysts: FTX Hacker Funds Are on The Move, Here’s Where They’re Headed
Funds said to be stolen from the now-bankrupt crypto exchange FTX are on the move and likely headed for exchanges as hackers attempt to cash out the proceeds.
According to an update from the blockchain intelligence company Chainalysis, the funds have already been converted from Ethereum (ETH) to Bitcoin (BTC) through RenBridge (REN), a protocol that allows for decentralized cross-chain transfers between a number of different blockchains.
The next likely move, according to Chainalysis, is for the funds to be sent to a coin-mixing service in order to obfuscate where they have originated from before the hackers will attempt to cash out.
“We are in touch with our partners across the ecosystem as we work to help secure as many assets as possible to return to depositors,” Chainalysis wrote.
3/ Funds were bridged from ETH to BTC, likely to be mixed prior to a cash out attempt. You can see this morning’s movements in Reactor: pic.twitter.com/U7Gfr1hHsX— Chainalysis (@chainalysis) November 20, 2022
Worth noting, however, is that any further transfers between ETH and BTC using RenBridge is expected to become more difficult going forward, with RenBridge already announcing a freeze on new renBTC mints. And although this was announced for reasons not related to the FTX hack, it would still mean that any remaining ETH that the hackers may be in possession of may need to be sold directly to fiat.
The situation around RenBridge was also pointed to by the popular Twitter user kamikaz_ETH, who said the hackers are “actively dumping ETH on-chain.”
“He’s selling ETH to wBTC to renBTC through aggregators like 1inch,” the user added.https://www.twitter.com/kamikaz_eth/status/1594257499129270273
Shortly after the tweet, the same user tweeted again, saying the freeze that RenBridge has announced has now incentivized the hackers to “dump the ETH asap.”https://www.twitter.com/kamikaz_ETH/status/1594326230542974977
As of Monday morning in Europe, the selling of ETH to BTC was still happening, with 185,000 ETH now remaining in the hacker’s main wallet, according to kamikaz_ETH.https://www.twitter.com/kamikaz_ETH/status/1594624471335591936
Unclear circumstances around the hack
It remains unclear who exactly drained FTX for the funds, with some claiming it must have been an inside job and others hinting the Bahamas government could also somehow be involved.
LIVE: FTX Drainer (Aka Bahamas Gov?) Liquidating ETH— Garlam (@GarlamWON) November 20, 2022
Addy #1 – 0x59
Addy #2 – 0x86
Flow So Far
– Move $ETH from #1 to #2
– Swap $ETH for $renBTC
– Send it to NULL Addy
– Sold 31k $ETH for 2.2k $renBTC
– Sending all $renBTC to NULL Address (ETH Genesis Address)
Notably, FTX itself has also issued a warning about the funds and asked exchanges to return any funds from the hack. “Exchanges should take all measures to secure these funds to be returned to the bankruptcy estate,” a tweet from FTX’s official Twitter account said.
(2/2) Exchanges should take all measures to secure these funds to be returned to the bankruptcy estate.— FTX (@FTX_Official) November 20, 2022