Russian Cybercriminal Groups Suspected in FTX Hack, Elliptic Research Reveals

An estimated $400 million that went missing from Sam Bankman-Fried’s bankrupt FTX may be linked to Russian cybercriminal groups, research firm Elliptic says.

Elliptic reported on Oct. 12 that the funds stolen in November 2022, mostly in ether (ETH), remained inactive for five days before a substantial amount, 65,000 ETH ($100 million), was moved to the Bitcoin blockchain using the RenBridge service.

After that, the attackers utilized a mixer, a blockchain-based tool, to hide their tracks. 

“Of the 4,536 Bitcoins converted from ether at RenBridge, 2,849 BTC was sent through mixers, predominantly a service called ChipMixer,” Elliptic said. “Tracing these assets becomes more challenging, however at least $4 million was transferred to exchanges, where it may have been cashed out.”

The crypto assets stolen from FTX (Source: Elliptic)

Unveiling the Suspects

While the individuals behind the attack remain unidentified, there is hope that insights from wallet data and an examination of fund movements could provide essential leads.

The suspects linked to the FTX hack encompass a wide spectrum, ranging from potential rogue FTX employees to the well-known North Korean hacking group, Lazarus, which has a track record of exploiting various cryptocurrency systems, Elliptic said. 

But the balance of evidence leans more toward “a Russia-linked actor,” it said.

Elliptic also highlighted that a significant part of the stolen assets, which can be tracked through ChipMixer, seem to have connections with funds from criminal groups associated with Russia, including ransomware gangs and secretive online markets, before eventually reaching cryptocurrency exchanges.

The complex set of clues could indicate the involvement of an intermediary or middleman connected to Russia, the report said.

Daily number of transactions involving the stolen assets (Source: Elliptic)

FTX Fallout

The FTX hack had profound consequences, hitting both the international exchange and its U.S. platform. In the wake of the attack, Sam Bankman-Fried faced criminal charges. 

Inside Bitcoins reported that stolen assets that had remained dormant for about a year began moving shortly before Bankman-Fried’s trial commenced and have continued to be on the move.

Just this month, over 15,000 ether, equivalent to nearly $25 million, were exchanged for other tokens using the privacy wallet Railgun and the THORChain exchange.
