A study conducted by blockchain analysis company Elliptic suggests possible connections between the FTX hacking episode from last November, leading to a loss of roughly $400 million, and cybercrime rings based in Russia.
Most of the purloined assets, largely Ether (ETH), were untouched for nearly five days post-breach. Subsequently, a notable chunk of these assets was converted to Bitcoin (BTC) through the RenBridge cross-chain platform.
This conversion reportedly involved about 65,000 ETH, equating to a value of around $100 million.
CoinDesk broke the news on Thursday, referencing findings shared with them by Elliptic.
Coin mixers used
The study pointed out that of the 4,536 BTC converted from ETH using RenBridge, a total of 2,849 BTC was funneled through mixing services, with ChipMixer as the primary tool.
Tracking assets that passed through such mixers is intricate. However, it’s evident that a minimum of $4 million made its way to exchanges, where it could have been transformed into traditional currency, as Elliptic conveyed to CoinDesk.
After an international law enforcement operation led to ChipMixer’s closure and confiscation, the perpetrators shifted to another coin mixer named Sinbad.
While the identities of these culprits remain shrouded, wallet data scrutiny and transaction pattern analyses might shed more light on the matter, according to Elliptic.
The list of potential culprits behind the FTX hack has varied, encompassing theories from inside job suspicions involving rogue FTX employees to external threats such as the North Korean hacking collective, Lazarus, known for its links to several cryptocurrency-related breaches.
Yet, the preponderance of on-chain evidence is leaning towards Russian factions, as emphasized by Elliptic. CoinDesk, referencing Elliptic’s insights, mentioned:
“A predominant connection with Russia emerges. Observing the stolen assets traceable through ChipMixer, it’s discernible that substantial portions intermingle with funds tied to Russian-connected illicit factions, including ransomware operators and shadowy online marketplaces, before progressing to exchanges.”
“This interlinking with Russian funds suggests the potential engagement of an intermediary or broker based in, or connected to, Russia,” the analysis further elucidated.
Notably, FTX’s security breach occurred on November 11, 2022, just a few hours after the announcement of the firm’s bankruptcy filing and the departure of its founder, Sam Bankman-Fried.