A day after FTX filed for bankruptcy, hackers drained the firm’s hot wallets, walking away with nearly $650 million in altcoins.
Now, after various bridgings and on-chain chicanery, the attacker is left with holdings of more than $367 million across various major blockchains.
The attacker laundered proceeds using decentralized exchanges (DEX) and cross-chain bridges, reported blockchain intelligence firm Arkham Intelligence.
A total of almost $20 million in PAXG was frozen across the attacker’s 4 addresses that hold PAXG.
The attacker also attempted to obfuscate fund transfers on BSC by ‘swapping’ tokens with the recipient address set to a separate address, 0x2cb.
According to Elliptic, cross-chain bridges are widely used by hackers to launder stolen funds. “Chain hopping,” the movement of stolen funds between different blockchains, helps hackers evade tracing by enforcement agencies.
Here’s how it went down.
On November 12, 2022, roughly $650 million in ill-gotten funds were routed from FTX’s hot wallet to two wallet addresses, one on Solana and the other on Ethereum.
Since then, the hacker has bridged the funds from that wallet address to different blockchain networks, including Binance Smart Chain, Polygon, and Avalanche, according to data from the respective block explorers.
Law enforcement agencies were, however, able to freeze nearly $20 million in Paxos Gold (PAXG) tokens linked to the attack on November 14.
According to data from DeBank, the hacker’s wallet address holds nearly 228.5 million Ethereum (ETH) and 8,184.9 Paxos Gold (PAXG) tokens on Ethereum.
On Binance Smart Chain, the wallet holds nearly 108.454 million BNB and 1.685 million DAI stablecoin. On Avalanche, the hacker’s wallet address holds about 3.970 million in Tether’s stablecoin USDT.
According to data from Solscan, the hacker’s Solana wallet address owns nearly 144,999 SOL and 27.549 million USDT.
In total, the hacker holds nearly $338 million worth of altcoins and is the 35th-largest Ethereum holder, according to data from Etherscan.
Arkham Intelligence has yet to respond to Decrypt’s request for comment.