FTX Hacker Starts Dumping Massive Haul Of Ether Tokens
Last weekend, we reported on the mysterious $662 million outflow of tokens that suddenly hit FTX.
At the time, Nansen’s Alex Svanevik said, “It’s unclear exactly who’s making the transactions, but you wouldn’t expect to see these on-chain trades at this time.”
He said FTX’s main wallet was entirely drained of FTT.
Additionally, Reuters reported that SBF had a “backdoor” in FTX’s book-keeping system, which allowed him to move customer money around without triggering internal compliance or accounting red flags.
During the week, more details came out that suggested at least some of this outflow was in fact an apparently sanctioned transfer from FTX to Bahamian regulators – who rejected the exchange’s US bankruptcy filing and took possession of some of the assets.
“[There is] credible evidence that the Bahamian government is responsible for directing unauthorized access to the Debtors’ systems for the purpose of obtaining digital assets of the Debtors—that took place after the commencement of these cases,” read the filing, signed by new FTX CEO John Ray, famous for handling the liquidation of Enron.
The company went on to say that its co-founders Sam Bankman-Fried and Gary Wang were recorded saying that Bahamanian regulators instructed the pair to make “certain post-petition transfers” and that such assets were “custodied on FireBlocks under control of [the] Bahamian government.”
Securities Commission Addresses FTX Statement on Bahamian Withdrawals pic.twitter.com/OZKWwicSuN
— Securities Commission of The Bahamas (@SCBgov_bs) November 12, 2022
However, although initial reports suggested that all of the funds in question might be in the custody of securities regulators in the Bahamas, Chainalysis poured cold water on this theory however, stating:
“Reports that the funds stolen from FTX were actually sent to the Securities Commission of The Bahamas are incorrect. Some funds were stolen, and other funds were sent to the regulators.”
And as Bloomberg reported earlier in the week, the hackers who stole the funds have become one of the world’s largest holders of the Ether token.
According to security specialists PeckShield, a wallet linked with the exploit swapped about another $49 million of stablecoins – mainly Dai – for Ether on Tuesday. That lifted the attacker’s Ether haul to 228,523 or about $288 million – the 35th largest stash of the coin, according to data from analytics platform Etherscan.
#PeckShieldAlert FTX Accounts Drainer has swapped 48.27M $DAI (~$48.36M) to 37.57k $ETH (~$47.69M) on Ethereum
Arbitrary loss: -$671,424.25
FTX Accounts Drainer currently holds 228,523.83 $ETH (~$288M) and makes the address become the 35th largest holder of ETH pic.twitter.com/8oukNomdDf
— PeckShieldAlert (@PeckShieldAlert) November 15, 2022
The hacker reportedly transferred some funds using the crypto exchange operated by Kraken, which said it had been in touch with law enforcement about the matter.
But now, as Coinpedia.org reports, the FTX hacker has begun to liquidate those holdings creating significant downward pressure on Ethereum’s price.
As PeckShield further detailed earlier today, the FTX hacker is swapping ETH for BTC via renBTC bridge protocol…
#PeckShieldAlert FTX Accounts Drainer 1 currently holds 200,735.1 $ETH (~$235.5M) & drops to the 37th largest holder of $ETH (from 27th)
FTX Accounts Drainer 1 has transffered 50k $ETH (~$58.5M) to 0x866E, then 0x866E swapped these $ETH for ~3,517 $renBTC and bridged out pic.twitter.com/Qokr8bQrvg
— PeckShieldAlert (@PeckShieldAlert) November 20, 2022
You can monitor the FTX Hacker’s moves here…
You can keep an eye on the ren bridge here: https://t.co/8Lqjtt1W34
I assume that each time Hacker Wallet 1 transfers fresh ETH to Wallet 2, we should expect continued dumping shortly thereafter
Hacker Wallet 1: https://t.co/q2bl56LoKQ
Hacker Wallet 2: https://t.co/189Yk9lwXY
— kamikaz ΞTH 🦇🔊 (@kamikaz_ETH) November 20, 2022
Notably, renBTC liquidity is not deep enough for the FTX Hacker to dump all his ETH. If renBTC minting is disabled, the liquidity can’t be refilled, so the hacker may speed up.
Which is perhaps why, as @kamikaz_ETH notes, the FTX Hacker is now steadily dumping ETH on-chain – which is why we are seeing the sudden purges in Ethereum’s price.
It’s hard to know how sophisticated the FTX Hacker is, but Ren protocol announced earlier (completely by coincidence with no connection to the ongoing ETH dump) that they will be disabling renBTC mints soon
That gives the hacker an incentive to dump the ETH asap https://t.co/YKBSD1KWyY
— kamikaz ΞTH 🦇🔊 (@kamikaz_ETH) November 20, 2022
This could be a problem for ETH as if 50k ETH drove the drop from $1220 to $1160, the remaining 200k ETH could do some more serious damage to price.
FTX itself has tweeted to urge exchanges to block these transfers from the FTX Hacker…
(2/2) Exchanges should take all measures to secure these funds to be returned to the bankruptcy estate.
— FTX (@FTX_Official) November 20, 2022
Finally, one source suggested that perhaps the FTX Hacker realized that The Office of Foreign Assets Control (OFAC) can sanction the address where they are holding the hacked ETH and thereby make the ETH worthless…
As 76% of validators (and rising) enforce OFAC sanctions – accordingly they wouldn’t include ETH transactions from sanctioned addresses…
The FTX exploiter, who has been dumping all other drained assets for ETH, is now one of the largest holders in the world, with 228,523 ETH ($284.82m) currently in their wallet.
Everyone should keep an extremely close eye on what happens next… pic.twitter.com/SAP3UkyVaa
— Dylan LeClair 🟠 (@DylanLeClair_) November 15, 2022
Hence the sudden urgency to discard the ETH for bitcoin via RenBTC bridge …
Probably they had a tip off that OFAC is planning to do this tomorrow…
Now who would have the political connections with the administration to know that info in advance?
Sun, 11/20/2022 – 16:00