New clues: FTX’s stolen budget went to Russia-connected cash launderers


Andy Greenberg


As the criminal trial of FTX founder Sam Bankman-Fried unfolds in a Manhattan courtroom, some crypto watchers have observed that another FTX-related crime is still playing out: the as-yet-unidentified thieves who stole more than $400 million from FTX on the same day the exchange filed for bankruptcy have, after nine months of silence, been busy moving those funds across blockchains in an apparent attempt to cash out their loot while covering their tracks. Blockchain observers remain hopeful that the trail of coins can also identify the culprits. According to a cryptocurrency tracing firm, there are now clues suggesting those thieves may have ties to Russia.

Today, crypto tracing firm Elliptic released a new report on the complex path the stolen funds have taken in the 11 months since they were withdrawn from FTX on Nov. 11 last year. Elliptic’s tracing shows how this nine-figure sum, which FTX values at between $415 million and $432 million, has since moved through a long list of cryptocurrencies as the thieves attempted to prepare it for laundering and liquidation, passing even through a service owned by FTX itself. Those millions then sat dormant for most of 2023, only to start moving again this month, in some cases while Bankman-Fried himself was in court.

Most tellingly, Elliptic’s investigation is the first to point out that whoever laundered the stolen FTX funds appears to have ties to Russian cybercrime. An $8 million portion of that cash ended up in a pool of funds that also included cryptocurrency from Russia-linked ransomware hackers and dark web markets. That commingling suggests that, whether or not the actual thieves are Russian, the money launderers who obtained the stolen FTX funds are likely Russian or working with Russian cybercriminals.

“It’s becoming increasingly likely that he has ties to Russia,” says Tom Robinson, lead scientist and co-founder of Elliptic. “We can’t attribute this to a Russian actor, but it’s an indication that it could be.”

From the early days of their post-theft money laundering process, Elliptic says, the FTX thieves largely took steps typical of perpetrators of large-scale crypto thefts: the culprits sought to secure the funds, exchange them for coins that are easier to launder, and then funnel them through cryptocurrency “mixing” services to obscure that laundering. According to Elliptic, most of the stolen funds were stablecoins, which, unlike other forms of crypto, can be frozen by their issuer in the event of theft. In fact, stablecoin issuer Tether quickly froze $31 million of the stolen cash in response to the FTX heist. So the thieves immediately began swapping the rest of those stablecoins for other crypto tokens on decentralized exchanges like Uniswap and PancakeSwap, which don’t have the know-your-customer requirements that centralized exchanges are subject to, in part because they don’t allow exchange for fiat currency.

In the following days, Elliptic explains, the thieves began a multi-step process to convert the tokens they had swapped the stablecoins for into cryptocurrencies that would be easier to launder. They used “cross-chain bridges,” which allow cryptocurrency to be swapped from one blockchain to another, trading their tokens on the Multichain and Wormhole bridges to convert them into Ethereum. By the third day after the theft, the thieves held a single Ethereum account valued at $306 million, a drop of about $100 million from their initial haul, largely due to Tether’s freeze and the cost of their transactions.

From there, the crooks appear to have focused on exchanging their Ethereum for Bitcoin, which is easier to feed into “mixing” services that offer to combine a user’s bitcoin with that of other users to defeat blockchain-based tracing. On Nov. 20, nine days after the theft, they exchanged about a quarter of their Ethereum holdings for Bitcoin on a bridge service called RenBridge, a service that, ironically, was owned by FTX. “Yes, it’s actually amazing that the proceeds of a hack were laundered through a service owned by the hack victim,” says Elliptic’s Robinson.


On Dec. 12, a month after the theft, most of the bitcoin from that RenBridge transaction was deposited into a mixing service called ChipMixer. Like most mixing services, the now-defunct ChipMixer took users’ funds and returned the same amount, minus a commission, from other sources, theoretically erasing the trail of the money on the blockchain. But Elliptic says it was able to trace $8 million of that cash to a pool of funds that also included proceeds from Russia-linked ransomware and dark web marketplaces, which were then sent to various exchanges to be cashed out.
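The tracing described above relies on following value through a commingled pool rather than treating the mixer as a dead end. As an added illustration, not code from the article or from Elliptic, the Python below implements the simplest form of that bookkeeping, often called proportional or “haircut” tainting: every address’s balance is attributed to labelled origins, and each spend carries those labels forward in proportion to the share they hold. The ledger, the address names, the labels and the amounts are all constructed for the example; the coin unit is arbitrary.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    """One on-chain value movement (single-input, single-output simplification)."""
    src: str
    dst: str
    amount: float


# Constructed sample ledger (not real chain data). Three depositors feed a
# mixing pool, then two withdrawals leave it. Amounts are arbitrary "coins".
SAMPLE_TRANSFERS = [
    Transfer("ftx_hot_wallet", "thief_addr", 100.0),
    Transfer("ransomware_wallet", "ransom_addr", 50.0),
    Transfer("retail_user", "user_addr", 50.0),
    Transfer("thief_addr", "mixer_pool", 100.0),
    Transfer("ransom_addr", "mixer_pool", 50.0),
    Transfer("user_addr", "mixer_pool", 50.0),
    Transfer("mixer_pool", "cashout_a", 80.0),
    Transfer("mixer_pool", "cashout_b", 100.0),
]

# Labelled origins of value (hypothetical). Anything leaving one of these
# addresses is attributed entirely to its label; all other attribution is
# derived by tracing.
ORIGINS = {
    "ftx_hot_wallet": "ftx_theft",
    "ransomware_wallet": "ransomware",
    "retail_user": "unflagged",
}


def trace_taint(transfers, origins):
    """Proportional ("haircut") taint propagation over an ordered transfer list.

    Returns holdings[address][label] = amount of value currently sitting at
    `address` that is attributed to `label`. When an address spends, each label
    it holds is reduced in proportion to its share of the balance, so a mixer
    pool redistributes attribution across its withdrawals instead of erasing it.
    """
    holdings = defaultdict(lambda: defaultdict(float))
    for t in transfers:
        if t.src in origins:
            holdings[t.dst][origins[t.src]] += t.amount
            continue
        balance = sum(holdings[t.src].values())
        if t.amount > balance + 1e-9:
            # A spend larger than the traced balance means the ledger is
            # incomplete (an untraced inflow), which must not be guessed at.
            raise ValueError(f"{t.src} spends {t.amount} but only {balance} is traced")
        for label, held in list(holdings[t.src].items()):
            share = t.amount * held / balance
            holdings[t.src][label] -= share
            holdings[t.dst][label] += share
    return holdings


def exposure(holdings, address):
    """Fraction of `address`'s traced balance attributed to each label."""
    total = sum(holdings[address].values())
    if total == 0:
        return {}
    return {label: held / total for label, held in holdings[address].items()}


if __name__ == "__main__":
    h = trace_taint(SAMPLE_TRANSFERS, ORIGINS)
    for addr in ("cashout_a", "cashout_b"):
        print(addr, {k: round(v, 3) for k, v in exposure(h, addr).items()})
```

In the constructed ledger both withdrawal addresses end up half attributed to the theft and a quarter each to the ransomware and unflagged deposits, which is the shape of the finding the article reports: the mixer output is a blend, and an analyst who can enumerate the pool’s inputs knows what that blend contains. Real tracing tools refine this with other attribution rules (first-in-first-out, per-denomination matching for chip-style mixers, clustering of co-spent addresses), and the result is a probabilistic attribution, not proof that a specific coin came from a specific source.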

“It may simply be that a thief has passed it on to a launderer,” Robinson says. “But even if that were the case, it would mean that the thief is in contact with someone who is part of a Russian money laundering operation.” He added that Elliptic has other data indicating the money launderers’ ties to Russia, but does not yet have permission from the source to make it public.

After that first attempt to launder part of the funds through ChipMixer, the thieves went eerily silent. The rest of their Ethereum would remain dormant for the next nine months.

It wasn’t until Sept. 30, just days before Bankman-Fried’s trial, that the rest of the funds began moving again, Elliptic says. By then, RenBridge and ChipMixer had both shut down: RenBridge due to the collapse of its parent company, FTX, and ChipMixer due to a seizure by law enforcement. So the thieves swapped their Ethereum for Bitcoin on a service called THORSwap and then directed those bitcoins to a mixing service called Sinbad.

Sinbad has in the last year become a popular destination for criminal cryptocurrency, especially funds stolen by North Korean hackers. But Elliptic’s Robinson points out that, despite this, the handling of the funds is less sophisticated than what he has seen in a typical North Korean heist. “It doesn’t use some of the services that Lazarus usually uses,” Robinson says, referring to North Korea’s massive state-sponsored hacking organization known as Lazarus. “So it doesn’t look like them.” Robinson notes that Sinbad is likely a rebrand of a mixing service called Blender that was hit by US sanctions last year, in part for helping launder the funds of Russian ransomware groups. Sinbad also serves visitors in English and Russian.


Does the timing of these new fund movements just before (and even during) the Bankman-Fried trial suggest that someone with inside knowledge is involved? Elliptic’s Robinson points out that while the timing is notable, he can only speculate at this point. It’s conceivable the timing is pure coincidence, Robinson says. Or someone could simply be moving the cash now to make it look like the work of an FTX insider, or an actual insider could be worried about losing their access. Neither Bankman-Fried nor his fellow executives have been charged with the theft, and some of the cash movements took place while Bankman-Fried was in court, with only a computer disconnected from the internet.

Over time, there is little doubt the thieves will try to cash out more of their stolen and laundered cryptocurrency for some form of fiat currency. Robinson is still hopeful that, despite their use of mixers, they can be identified at that point. “I think they’ll probably be able to cash out at least some of those funds. I think whether they’re going to get away with it is another question,” Robinson says. “There’s already a blockchain trail to follow, and I think that trail will become clearer over time.”

Two other crypto tracing firms, TRM Labs and Chainalysis, were hired by the new FTX regime under CEO John Ray III to assist with the investigation. TRM Labs declined to comment on the case. Chainalysis did not respond to WIRED’s request for comment, nor did FTX itself.

As those crypto tracers continue to follow the money, we may one day have a clearer answer to the mystery of the FTX heist. In the meantime, however, FTX’s many aggrieved creditors will have to keep one eye on Bankman-Fried’s trial and the other on the Bitcoin blockchain.

Updated at 8:45 a.m. ET, October 12, 2023, to add Elliptic researchers’ links to Russian cybercriminals.
