Elliptic finds apparent Russian connection in laundering of FTX stolen funds
Quick Take
- Elliptic found on-chain indications of Russian actors in the laundering of the assets stolen from FTX last year.
- The analytics firm believes a Russia-linked broker or intermediary might have been involved.
Days after the collapse of crypto exchange FTX, as though things couldn't get any worse, the beleaguered exchange was hacked for over $475 million. Elliptic, a blockchain analytics firm, said it has now found some clues that might shed light on who was behind the attack.
Shortly after the breach happened, $74 million was channeled via RenBridge, a platform associated with FTX’s sister company, Alameda Research.
Out of the 4,536 bitcoins ($74 million) converted from ether at RenBridge in November, 2,849 BTC were processed through mixers, primarily the ChipMixer service. These funds then intermingled with assets connected to Russian criminal networks, encompassing ransomware culprits and darknet marketplaces, Elliptic said.
“A Russia-linked actor is likely. Upon tracing the stolen assets through ChipMixer, we found significant amounts mingled with funds from Russian-affiliated criminal entities, before their dispatch to exchanges. This convergence signals the possible engagement of a broker or intermediary rooted in Russia,” analysts at Elliptic said.
The majority of the stolen funds from the FTX hack lay dormant until just prior to the recent Bankman-Fried trial, only to resurface in the early hours of Sept. 30. The perpetrator converted about 72,500 ETH ($120 million) to Bitcoin using the THORSwap cross-chain exchange. Even after THORSwap paused operations on Oct. 6, the hacker managed to bridged funds through THORChain via other venues, Elliptic noted.
Following the conversion, the bridged bitcoin was passed through Sinbad, a mixer service with documented affiliations to North Korea’s Lazarus Group. While the use of Sinbad introduces suspicions surrounding the Lazarus Group, Elliptic argued that the laundering strategies employed here are less intricate and suggested the laundering method makes a Russian link more probable.
Hacker identity still remains unclear
Nevertheless, the identity of the hacker remains elusive, according to Elliptic. Speculations abound, suggesting the heist might have been an internal operation, potentially implicating FTX staff or even pointing to Bankman-Fried as a suspect.
Yet, concerning fund laundering, Bankman-Fried might have an alibi. Elliptic highlighted a specific instance on October 4, 2023, when $15 million of the stolen assets was moved via ThorChain — a time when Bankman-Fried was reportedly in court without internet access.
© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.