Missing FTX Funds Traced to Russian-Connected Launderers

The mystery of who stole more than $400 million from FTX, a cryptocurrency exchange that collapsed into bankruptcy last year, may be closer to being solved. A new report by a cryptocurrency tracing firm suggests that the thieves have ties to Russian cybercrime groups, and have been busy laundering their loot through various intermediaries.

FTX was once one of the largest cryptocurrency platforms in the world, allowing users to buy, trade and store digital currencies. But on November 11, 2022, the exchange declared bankruptcy, leaving billions of dollars of customer funds missing. The founder of FTX, Sam Bankman-Fried, is currently on trial in New York, facing charges of fraud and money laundering. He has pleaded not guilty.

On the same day that FTX went bust, an unidentified hacker or hackers managed to steal more than $400 million worth of cryptocurrency from FTX’s wallets, using digital keys that were either obtained from an insider or hacked from the exchange. The thief or thieves then moved the stolen funds across different blockchains, swapping them for more easily laundered coins and using mixing services to obscure their origin.

According to Elliptic, a cryptocurrency investigation firm that released a new report on Tuesday, the stolen FTX funds have taken a complex path over the past 11 months, involving a long list of crypto services, some of which are owned by FTX itself. But the report also reveals some clues that point to a possible Russian connection.

Elliptic’s chief scientist and co-founder, Tom Robinson, said that one $8 million tranche of the stolen money ended up in a pool of funds that also includes cryptocurrency from Russia-linked ransomware hackers and dark web markets. This suggests that the money launderers who received the stolen FTX funds are likely Russian, or work with Russian cybercriminals.

“It’s looking increasingly likely that the perpetrator has links to Russia,” Robinson said. “We can’t attribute this to a Russian actor, but it’s an indication it might be.”

Russia has long been accused of harboring cybercriminals who target Western countries and businesses with ransomware attacks and other online scams. President Vladimir Putin has denied these allegations, saying that Russia is not among the countries that see the most cyberattacks from their territory.

However, last month, Russian authorities announced that they had dismantled REvil, a notorious ransomware group that had extorted millions of dollars from victims around the world. The operation was carried out at the request of the United States, in a rare case of cooperation between the two countries on cybercrime.

The Elliptic report also shows that the FTX thieves have been trying to cash out their stolen funds while Bankman-Fried’s trial is underway. After lying dormant for most of 2023, the thieves have been moving large chunks of money to mixing services every day since September 30. Elliptic estimates that about $54 million worth of Bitcoin has been sent to Sinbad, a popular mixer service, since then.

Robinson said that it is possible that the thieves are feeling pressured by the trial and want to liquidate their assets before they are caught or frozen by law enforcement. He added that Elliptic is working with authorities to track down the stolen funds and identify the culprits.

“We hope that our analysis will help to bring justice to the victims of this massive theft,” he said.

