Elliptic traces the $400 million in stolen FTX assets to Russian cyber criminals, RenBridge, and money movement mixers.
Approximately $400 million of stolen assets from the now-defunct FTX cryptocurrency exchange may have been traced to cybercriminal organizations based in Russia. This discovery is based on a comprehensive analysis by Elliptic, a prominent research firm.
A significant portion, 65,000 ETH (equivalent to $100 million), was transferred to the Bitcoin blockchain five days after the robbery. For this, the perpetrators utilized RenBridge’s services.
In addition, the criminals utilized a blockchain-based tool known as a mixer to conceal their traces further. Elliptic’s report emphasized, “Of the 4,536 Bitcoins converted from ether at RenBridge, 2,849 BTC underwent mixing, mainly using a ChipMixer service.”
Nonetheless, this method is not a failsafe. At least $4 million of these assets were transferred to various exchanges, indicating a potential cash-out effort.
Russian Criminal Organizations Likely Responsible for FTX Robbery
ChipMixer was shut down following international scrutiny and a joint law enforcement operation.
Therefore, the perpetrators shifted their mixing needs to another service named Sinbad. Identifying the perpetrators remains difficult, but certain patterns in the wallet data and the path of fund transfers may provide hints.
In addition, while there have been hypotheses implicating rogue FTX employees or even the notorious North Korean hacker group Lazarus, recent evidence points to a Russian connection.
According to Elliptic’s analysis, “a Russian-affiliated actor appears likely.” Prior to reaching exchanges, a significant portion of the stolen assets merged with funds linked to Russian criminal syndicates, including funds associated with ransomware attacks and darknet markets. Elliptic states that this “points to the involvement of a broker or other intermediary with a nexus in Russia.”
Sam Bankman-Fried Faces Charges
The story of FTX took a dramatic turn on November 11, 2022. Within hours of announcing bankruptcy and Sam Bankman-Fried’s resignation, FTX and FTX US accounts were depleted. Federal prosecutors charged Bankman-Fried with multiple counts of fraud shortly thereafter.
A few days before Bankman-Fried’s trial, the previously inert stolen assets began exhibiting movement. Using the Railgun privacy wallet and THORChain exchange, thieves exchanged over 15,000 ether from stolen assets for other tokens earlier this month.