Blockchain analytics firm Elliptic says it has uncovered new clues potentially linking the massive FTX hack to Russian cybercriminal networks.
Shortly after November’s $475 million FTX breach, $74 million flowed through the Alameda-connected platform RenBridge. Much of this was mixed using ChipMixer, known for its ties to Russian ransomware and darknet entities.
Additional stolen funds surfaced right before former CEO Sam Bankman-Fried’s trial, with $120 million converted via THORSwap. The perpetrator continued laundering through mixer Sinbad, associated with North Korea’s Lazarus Group.
FTX hacker identity remains a mystery
But Elliptic believes the amateurish tactics suggest a Russian nexus rather than involvement by Lazarus. The hacker’s identity remains a mystery, despite traces of the stolen crypto’s path.
Early theories suspected an inside job by FTX staff or even Bankman-Fried himself. But the clues point more strongly to Russian cybercriminals laundering the spoils.
While the culprit is still unknown, Elliptic’s tracing provides invaluable insight into how hackers cash out and conceal illicit proceeds. The funds’ links to documented criminal conduits restrain their future movement.
For now, the FTX hack loot remains firmly in the clutches of obscurity, despite hints at its origins. But blockchain tracking helps close the net on stolen assets even as culprits employ every cloaking trick in the book.