
The FTX Hack: The Mystery of the $600 Million

 


Shortly after its bankruptcy, the FTX exchange was “hacked”. The hacker looted more than half a billion dollars' worth of tokens, exchanged them for ether, and dumped them on the market. But what does the government of the Bahamas have to do with it?


The collapse of FTX keeps the market in suspense and we will continue to report on it. Today we turn to something that has received little attention: the hack—or the alleged hack. Like everything about FTX, it's going to be...extreme.


So: a few hours after FTX declared bankruptcy, on November 12, the exchange reported a hack. It said it was investigating unauthorized transactions that paid out coins.


The blockchain analytics firm Elliptic gave more detail a little later: the “hack” (Elliptic put the word in double quotes on purpose) sold assets worth 477 million dollars. Another analyst, Nansen, put the haul at $659 million. The exact value fluctuates widely because the haul was a rather colorful basket: a large number of coins (stablecoins, DeFi tokens, memecoins, wrapped ether ...) on a wide variety of blockchains (Ethereum, Polygon, Solana, BNB, Avalanche, Tron, etc.).


The hacker then immediately started moving the coins through the DeFi ecosystem: he first moved them to the Ethereum blockchain via various bridges and exchanged them for ether there. This was probably done to protect them from being frozen. It didn't quite work out, as Tether and Paxos reacted swiftly, freezing around $100 million in stablecoins. The rest, however, ended up in an Ethereum wallet.


The hack came at the right time. It seemed a little too well timed, and of course it took no time for the rumor to arise that it was an inside job: that Sam Bankman-Fried or some other employee of the bankrupt exchange was grabbing what was still there to grab. Shortly thereafter, the suspicion was confirmed: a transaction led to a Tron wallet at the Kraken exchange, and its CSO Nick Percoco explained that the wallet was linked to the official FTX account. This account is now of course frozen.


So that could close the case. Or could it?

The explanation is unsatisfyingly simple. An inside job by someone who then uses the official account at Kraken? Would someone smart enough to withdraw the coins, and who pulls out all the stops to protect them from censorship, make such an obvious mistake?


Something doesn't add up.


Shortly thereafter, a new suspect came into play, and one no one would have guessed: the government of the Bahamas, where FTX was registered. A filing with the US bankruptcy court in Delaware stated the following, unfortunately in somewhat convoluted legal jargon:


In connection with the Saturday, November 13 investigation into the hack, Mr. Bankman-Fried and [FTX Co-Founder and CTO Gary] Wang stated that the 'Regulators of the Bahamas' have directed certain asset transfers of the Debtors executed by Mr. Wang and Mr. Bankman-Fried (who, as the Debtors know, were effectively in the custody of the Bahamas authorities) [...] The Debtors therefore have credible evidence that the Bahamas government is responsible for the unauthorized Having requested access to the debtor's system with the intention of obtaining its digital assets...


In a press release that followed shortly thereafter, the Bahamas government confirmed this in clearer terms:


Nassau, The Bahamas, Thursday November 17, 2022 – On November 12, 2022, the Securities and Exchange Commission of the Bahamas ('the Commission') ordered […] that all digital assets of FTX Digital Markets Ltd. be transferred to a digital wallet controlled by the Commission.


Now the story makes sense: Sam Bankman-Fried, or rather Gary Wang, emptied the wallets on orders from the Bahamas government. Hence the official account at Kraken. That the government of a small Caribbean state would use the methods of hackers to plunder a bankrupt exchange is exciting. Or, as someone put it on Twitter, “The SEC thought they were gangsta; then the Securities and Exchange Commission of the Bahamas came on the field.”

As a result of the swaps, the hacker had accumulated 228,523 ether in his wallet, worth almost $300 million at the time. This made him the 35th largest Ethereum holder. “Him” meaning the government of the Bahamas, which is exciting again.


Or are we still missing a piece of the puzzle?

Black and white

If the Bahamas government ordered the “hack,” it makes some sense that the coins would go to an official FTX account. But it makes another facet of the story even more absurd: that the hacker acted like a hacker — and didn't stop.

On November 20th, the hacker started selling the ether through on-chain exchanges, not for dollar tokens but for tokenized bitcoin, either wBTC or renBTC. Would the government of the Bahamas really react like that? Would it be legal to exchange confiscated assets? At this point at the latest, doubts about this version began to spread.

Analyst ZachXBT offers a plausible explanation: it was both. A hacker and the government of the Bahamas. FTX was looted by two parties: a white hat acting on behalf of the government, and a black hat, a criminal.


The two behave completely differently: The white hat paid out the coins to multisig addresses and sent them from there to exchanges such as Kraken. This is how someone behaves who has nothing to hide.


Another address, 0x59, behaved quite differently. It sold tokens and used bridges to accumulate the coins on the Ethereum address. It sent coins to the Huobi exchange, known for lax money laundering controls, via detours, passing through an address associated with a semi-legal Russian exchange. It acted like a thief in the night.


But why is the hacker selling the ether? What's the point of holding bitcoin tokens that may be frozen by providers like BitGo (WBTC)?


This question leads us to the last exciting detail of the hack.


Money laundering, with a difference

The sale of ether for bitcoin continued over the following days, batch by batch. This caused the price of ether to plummet against bitcoin, from around 0.073 to 0.069 BTC.


Then Web3 data analyst d0xScope presented an interesting find that explains a lot: an address that borrowed more than $10 million in USDC or Ether via DeFi platforms and deposited them on exchanges - again and again, and each time before the FTX Hacker sold ether.

This suggests an interesting picture of how the hacker cashed out his loot: instead of laundering the coins himself via mixers and other methods, he manipulates the markets and profits from the moves with another account unrelated to the hack, by betting on falling prices.
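The timing pattern d0xScope describes can be checked mechanically. The following is an added example, not code from the original post or from d0xScope: it measures how often an address's exchange deposits fall shortly before a watched wallet's sells rather than after them. The timestamps, the one-hour window and the flag thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample timestamps, not real on-chain records.
SELLS = [ts(x) for x in ("2022-11-20 14:00", "2022-11-21 09:30",
                         "2022-11-22 18:15", "2022-11-23 11:00")]
DEPOSITS = [ts(x) for x in ("2022-11-20 13:20", "2022-11-21 08:55",
                            "2022-11-22 17:40", "2022-11-23 10:10",
                            "2022-11-24 20:00")]

def coverage(sells, deposits, window, before=True):
    """Fraction of sells with a deposit inside `window` before (or after) them."""
    hits = 0
    for s in sells:
        gaps = ((s - d) if before else (d - s) for d in deposits)
        if any(timedelta(0) < g <= window for g in gaps):
            hits += 1
    return hits / len(sells) if sells else 0.0

def lead_times(sells, deposits, window):
    """Minutes between each sell and the latest deposit preceding it in the window."""
    out = []
    for s in sorted(sells):
        prior = [d for d in deposits if timedelta(0) < s - d <= window]
        if prior:
            out.append(int((s - max(prior)).total_seconds() // 60))
    return out

def lead_report(sells, deposits, window=timedelta(hours=1)):
    """Summarise whether deposits systematically lead sells (thresholds are assumptions)."""
    before = coverage(sells, deposits, window, before=True)
    after = coverage(sells, deposits, window, before=False)
    return {
        "before": before,
        "after": after,
        "lead_minutes": lead_times(sells, deposits, window),
        # Flag only a one-sided pattern: deposits cluster before sells, not around them.
        "flag": before >= 0.75 and before - after >= 0.5,
    }

if __name__ == "__main__":
    print(lead_report(SELLS, DEPOSITS))
```

Comparing the "before" and "after" fractions matters because an address that simply trades often would show deposits on both sides of each sell; only a one-sided lead is worth an analyst's attention.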


The logical consequence would be, or already is, that after dumping the ether he sells the bitcoin for ether again in order to make money from the reverse bet. And so on, until he is exposed, probably sooner rather than later. His accounts are probably already known to the exchanges and blocked.
