Crypto Hacking - Bitcoin Bybit/flickr.com

Blockchain analytics firm Elliptic may have identified the group behind the multi-million hack of the now-defunct crypto empire FTX by looking into its unsophisticated methods of laundering money.

After FTX entered bankruptcy in November 2021 and its co-founder Sam Bankman-Fried resigned from his post as the crypto derivatives exchange's CEO, the platform was attacked by malicious actors, draining an estimated $477 million in crypto from its coffers.

The attacker remained inactive for a long stretch, but their recent activity, which started in late September, has drawn the attention of the crypto community, especially since they are now moving millions in funds after nearly a year of dormancy.

According to Elliptic's latest report, the FTX attacker's method of laundering the loot is "distinct and unsophisticated compared to those typically used by North Korea-backed Lazarus Group." The attacker is converting the stolen funds to Bitcoin through RenBridge, a service owned by Alameda Research (the bankrupt crypto hedge fund also co-founded by Bankman-Fried), and then passing them through ChipMixer and other crypto mixing tools to obscure the trail.

There were rumors last year that Bankman-Fried was behind the hack of his empire, which was allegedly an attempt to salvage some funds for himself.

But Elliptic, based on the data, thinks otherwise.

"A Russia-linked actor seems a stronger possibility. Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges," the blockchain analytics firm said in its report.

The stolen FTX funds were mostly in Ether (ETH) and remained dormant for several days before the attacker moved 65,000 ETH, equivalent to approximately $100 million, through RenBridge and then ChipMixer, cashing out "at least US$4 million" after the funds reached crypto exchange platforms.

"It's looking increasingly likely that the perpetrator has links to Russia," Elliptic co-founder and chief scientist Tom Robinson said, noting that "we can't attribute this to a Russian actor, but it's an indication it might be."

The blockchain analytics firm was the first to find the link between the FTX hacker and Russian cybercrime, particularly when it uncovered that some of the funds ended up in the same place where cryptocurrencies from Russian-linked ransomware hackers and dark web markets were kept.

However, Elliptic acknowledged the potential that an insider may have carried out or aided the exploit. It pointed out the possibility that some employees at FTX could have taken advantage of the turmoil that ensued when the company declared bankruptcy to move its cryptocurrency assets.