What options does the attacker have?

The FTX collapse, in which numerous investors were deprived of their funds, is now almost three weeks ago. As if that wasn’t bad enough, a few days later an alleged insider stole almost 400 million US dollars in various cryptocurrencies from the now insolvent crypto exchange and has been trying to transfer the funds into the legal economic cycle ever since. BTC-ECHO from the blockchain analysis company Chainalysis wanted to know what options the attacker has.

Scenario 1: Convert and mix ETH to BTC

Shortly after the theft, the hacker converted much of the loot into ether and then split the holdings across multiple addresses. Among other things watched Chainalysis exchanges into renBTC, a tokenized representation of Bitcoin on the Ethereum blockchain. The plan: swap renBTC for Bitcoin to launder the BTC via a mixing service, Erin Plante, Vice President Investigations at Chainalysis, explains to BTC-ECHO. The company then asked crypto exchanges to freeze the coins or the account directly.

Scenario 2: Sell and short ether

Another possibility that the community discussed involved the following scenario:

The FTX attacker opens a short position on Ether. He then throws the stolen ETH holdings onto the market, the price falls, and the attacker cashes out the profits from the short position.

Yes, even in this case you can follow the money trail, says Plante:

The main goal of tracing cryptocurrencies is also possible in this scenario: identifying the transfer of the stolen funds to an exchange. From there, law enforcement can work with the exchange to identify the hacker and potentially freeze the funds as well. It does not matter whether the stolen funds were paid out directly on an exchange or obtained through a short position.

Who is behind the FTX hack?

One question remains: Who was it? There are still hardly any new findings on the identity of the attacker. And this despite the fact that the hacker interacted with a KYC-verified wallet from the Kraken crypto exchange and security chief Nick Percoco then tweeted announcedto have identified the user. At the request of BTC-ECHO, Kraken states that the exchange is in contact with “law enforcement authorities” and has frozen “access to accounts”. However, they remained silent about the concrete identity.

Accordingly, the rumor mill is churning. Suspects range from FTX founder Sam Bankman-Fried to the Bahamian securities regulator. Latter relieved Forbes most recently, referring to circles around crypto security firm Fireblocks. According to this, the Securities Commission of The Bahamas (SCB) is said to have asked the US company for help in a lightning campaign to protect a further 400 million US dollars from a hack attack. Fireblocks refused to comment on BTC-ECHO “on the instructions of the SCB”.