Russian Actors Linked to $415 Million FTX Hack

  • Blockchain security firm Elliptic has linked the FTX hack to Russian entities 
  • Elliptic disclosed that the stolen funds go through Russian cybercriminal groups before being deposited on exchanges
  • Elliptic’s findings discredit rumors that Sam Bankman-Fried hacked his own exchange

Blockchain security firm Elliptic has followed the on-chain trail of funds siphoned from the bankrupt FTX crypto exchange, tracing it to Russian actors. The security firm added that the hackers may not themselves be Russian but likely have connections with Russian darknet market operators, ransomware groups and other cybercriminal groups based in Russia. According to Elliptic, the stolen funds have been ending up in the hands of Russian cybercriminal groups before being deposited on exchanges, possibly to be cashed out, further discrediting rumors that former FTX CEO Sam Bankman-Fried hacked the exchange.

Using a Broker with a Nexus in Russia

In a blog post explaining the movement of the funds, Elliptic reported that the hacker passed the funds through the ChipMixer and Sinbad crypto mixers, where they were combined with other amounts “from Russia-linked criminal groups.”

Elliptic said that the intersection of these funds with those of the gangs indicated that the FTX hacker was either using a broker “with a nexus in Russia” or was Russian. The security firm ruled out the involvement of the North Korean hacking group Lazarus, saying that the FTX hacker does not display the level of money laundering sophistication applied by the Lazarus group.

The FTX hacker is still moving the funds in huge chunks, with the latest transfer involving $120 million.

Crypto Mixers, Cross-chain Bridges and the Bankman-Fried Trial

The malicious actor has been hiding the trail of the funds using crypto mixers and moving them between different blockchains using cross-chain bridges. The hacker is also probably timing the transfers around the ongoing Bankman-Fried trial to avoid attracting attention.

Most of the funds’ movement has happened while Bankman-Fried has been in custody and without an internet connection, which distances him from any involvement in moving the funds.

With more data about the hacker surfacing, blockchain security firms are inching closer to unmasking the FTX hacker.