FTX filed for bankruptcy in the US on Nov. November 2022 and sought legal protection as it seeks a way to return funds to users.
Jonathan Raa | Nurphoto | Getty Images
Hackers who stole around $477 million worth of cryptocurrency from collapsed exchange FTX have started laundering the funds Bitcoin.
This month, after FTX filed for bankruptcy, new CEO John Ray III said “unauthorized access to certain assets has occurred”.
Blockchain analysis firm Elliptic estimates that around $477 million worth of cryptocurrencies were stolen from FTX.
The theft adds another insult to FTX, a once $32 billion crypto empire whose collapse sent shockwaves across the industry.
The stolen money was converted into various digital coins, but the bulk of it – more than $280 million – was exchanged for the cryptocurrency etheraccording to public blockchain records of the account linked to the hackers.
Elliptic co-founder Tom Robinson told CNBC that the hackers are converting the ether into a crypto product called RenBTC, which is then converted to bitcoin via a bridge. This allows one crypto to be converted into another without having to go through a centralized exchange.
“This is a common tactic in crypto theft laundering,” said Robinson.
Elliptic researchers have documented how RenBridge was used to launder “hundreds of millions” of dollars in cryptocurrency suspected of coming from ransomware attacks or hacks. Some of these hacks have ties to Russian-backed ransomware groups, according to Elliptic.
So far, $74 million has been transferred from RenBTC to Bitcoin with RenBridge.
Alameda, a trading company and sister company of FTX, acquired RenBridge in 2021 as part of FTX’s broader effort to grow Solana and Serum.
Serum is a “decentralized exchange” with a Serum token that runs natively on Solana and promises users faster settlement and execution times. FTX and Alameda were big supporters of the project that was forked in an attempt to prevent FTX control after bankruptcy.
On Wed Nov. November, FTX users noticed unusual cryptocurrency transfers, prompting fears that FTX’s platform had been compromised. Posts in FTX’s Telegram thread suggested that the app and platform had indeed been infiltrated and compromised.
Further allegations that Bankman-Fried was working with regulators in the Bahamas to remove crypto from FTX wallets came after a Vox interview — which Bankman-Fried later claimed he had as a casual conversation with a reporter friend understood – in which the ex-CEO of FTX pinned the alleged theft of FTX crypto to a disgruntled employee.
FTX filings said they discovered the Bahamian remittances while investigating the crypto theft over the weekend. What these filings left unanswered was whether these two were one and the same or two separate occurrences.
It is still unclear how much the assets taken into custody by Bahamian regulators are worth. CNBC reported an emergency court filing by FTX on 11/18 to halt further action by Bahamas regulators. FTX filings claimed that Bankman-Fried may have been working with these regulators.
At some point, hackers will want to cash out that money in fiat. However, Robinson said that this will be “challenging” due to the “traceability of crypto.”
He said he expects the hackers to “use mixers to cover their blockchain trail.”
Mixers are services or software that allow a trail of crypto transactions to be obfuscated on the blockchain, making it difficult or impossible to trace those funds, Robinson said.
“This could be one of the motivations for moving these assets to bitcoin – the greater availability of mixing services,” he added.
The blockchain is a public record of crypto activity. Each coin can have its own blockchain. In this way, it is possible to understand to a certain extent where the funds are going. Using mixers could complicate this.
Crypto compliance software company Chainalysis also confirmed in a tweet on Sunday that hackers are moving funds.
FTX on Sunday urged cryptocurrency exchanges to be on the lookout for the stolen funds if the hackers attempt to process the funds through one of their services.
“Exchanges should take all steps to ensure these funds are returned to the bankruptcy estate,” FTX said in another tweet.
According to court filings, FTX owes its top creditors around $3.1 billion. Put another way, the money hacked accounts for about 15% of what FTX owes to its largest clients alone.
Bankman-Fried once oversaw a sprawling crypto empire that spanned every inhabited continent and claimed trillions in assets. The FTX implosion has left Bankman-Fried paper-deprived and investors no longer have access to their crypto assets.