Blockchain intelligence company Elliptic reports that it has uncovered a connection between the roughly $400 million hack of FTX and Russian cybercriminals, based on the relatively simple money-laundering method the attackers used.
Specifically, Elliptic found that the attackers converted the stolen funds into Bitcoin using RenBridge, a service owned by Alameda Research, the sister company of the now-defunct exchange. They then passed the funds through ChipMixer and other cryptocurrency mixing services to obscure their trail.
Elliptic notes that this laundering method is “distinct and less complex than the methods typically used by Lazarus Group, believed to be backed by North Korea.” The attack itself, however, likely required insider assistance to carry out effectively.
The report continues: “An actor linked to Russia appears to have a stronger capability. Among the assets that can be traced through ChipMixer, a significant amount is combined with funds from criminal groups linked to Russia, including ransomware gangs and darknet markets, before being sent to exchanges.”
There has also been speculation that some FTX employees took advantage of the chaos surrounding the bankruptcy to move some of the exchange’s cryptocurrency assets.
Suspicion has also fallen on Sam Bankman-Fried (SBF), the founder of FTX. That theory is considered unlikely, however, because SBF has had only limited internet access recently, which would have hindered any laundering of the stolen funds.
Elliptic further emphasizes that the exchange’s weak security posture may have made it an easy target for external actors. The exchange’s new CEO, John Ray III, revealed that the private keys controlling the company’s cryptocurrency assets were not securely stored, which resulted in the loss of millions of dollars.