Research Firm Elliptic Links FTX Hack to Russian Attackers
Research by blockchain intelligence firm Elliptic has revealed potential links between the FTX hacking incident last November, which resulted in an estimated $400 million loss, and Russia-based cybercrime groups.
The majority of the stolen assets, primarily in Ether (ETH), had remained dormant for five days following the breach, before a significant portion of the funds was exchanged to Bitcoin (BTC) using the RenBridge cross-chain tool.
Around 65,000 ETH, worth approximately $100 million, were reportedly exchanged into Bitcoin in this way.
The news was first reported by CoinDesk on Thursday, citing research shared with them by Elliptic.
Coin mixers used
The report highlighted that out of the 4,536 BTC converted from ETH through RenBridge, 2,849 BTC had been routed through mixers, with ChipMixer being the main service used.
Tracing the assets that went through the mixer is challenging, but it is clear that at least $4 million ended up on exchanges, potentially converted to fiat currency, Elliptic told CoinDesk.
Following the shutdown and seizure of ChipMixer during an international law-enforcement operation, the attackers turned to the coin mixer Sinbad as an alternative.
Although the identity of the attackers remains unknown, analysis of wallet data and fund movements may help uncover further information about them, Elliptic said.
Several suspects
So far, the suspects have ranged from rogue FTX employees doing an inside job to the North Korean hacker group Lazarus, which has been associated with various crypto protocol exploits.
However, most on-chain evidence, according to Elliptic, points toward Russian groups.
CoinDesk cited Elliptic as saying:
“A Russia-linked actor seems a stronger possibility. Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges.”
“This points to the involvement of a broker or other intermediary with a nexus in Russia,” the report added.
The hack of FTX occurred on November 11, 2022, just hours after the company filed for bankruptcy and founder Sam Bankman-Fried stepped down from his role.