
Elliptic, a blockchain analytics company, has published evidence indicating that a Russia-affiliated organization could be responsible for the major breach at cryptocurrency exchange FTX, in which $477 million in various cryptocurrencies was stolen.

FTX’s Founder Unlikely the Culprit

A significant detail in Elliptic’s report has addressed early doubts regarding FTX founder Sam Bankman-Fried’s involvement in the heist.

Elliptic states that on Oct. 4, 2023, at 3:41 p.m. EST, $15 million of the stolen assets was transferred. At that moment, Bankman-Fried was reportedly present in a Manhattan courtroom without any internet connection, which makes his involvement in that transfer unlikely.

After the breach, a large share of the misappropriated funds was exchanged for Bitcoin (BTC) and routed through ChipMixer, a privacy tool that has since been shut down. Elliptic’s investigation indicates that these funds were frequently commingled with assets linked to Russia-associated criminal entities, including ransomware groups and darknet markets.

“This points to the involvement of a broker or other intermediary with a nexus in Russia,” the analytics firm commented.

Notably, FTX lost 9,500 Ethereum (ETH) to an anonymous cybercriminal on the same day it declared bankruptcy the previous November. The perpetrator also acquired other digital currencies, including Pax Gold (PAXG), Tether (USDT), and Wrapped Bitcoin (WBTC). Although a portion of these stolen assets was frozen by regulatory bodies, the majority was successfully swapped into other cryptocurrencies and moved to other blockchains.

Elusive Blockchain Movements

Elliptic’s report emphasizes that the cybercriminal used multiple strategies to obscure the trail of the illicit assets.

On November 20, 65,000 ETH was converted to Bitcoin using RenBridge, a platform ironically linked to Alameda Research, which has financial ties to FTX. After a nine-month pause, a further 72,500 Ethereum (ETH), worth approximately $120 million, was swapped for Bitcoin via THORSwap, a platform that has since suspended its interface over money-laundering concerns.

Following the shutdown of ChipMixer, a substantial portion of the funds was mixed via Sinbad, which is believed to be a reincarnation of Blender – a platform previously sanctioned by the U.S. Treasury Department for supporting the North Korea-based Lazarus Group.

However, Elliptic has ruled out the Lazarus Group’s involvement in the FTX breach, citing the perpetrator’s comparatively amateurish laundering techniques.

The identity of the cybercriminal who targeted FTX has yet to be revealed, but Elliptic’s recent findings have added a twist to an already convoluted investigation.

While the evidence appears to point to a Russia-associated actor, further investigation is needed to confirm this hypothesis.