According to analysis firm Elliptic’s findings, which were shared with CoinDesk, a portion of the alleged $400 million taken last November from the now-defunct FTX crypto exchange may have connections to cyber criminal organizations based in Russia.
Involvement with ChipMixer
The money, held mainly in ether (ETH), stayed idle for five days before a tranche of 65,000 ETH ($100 million) was sent via the RenBridge service to the Bitcoin blockchain. The attackers then utilized a mixer, a technology built on the blockchain that hides addresses.
2,849 Bitcoins (BTC) out of the 4,536 Bitcoins converted from the ether at RenBridge were delivered via mixers, mostly a service called ChipMixer, which has been shut down for money laundering. Tracing these assets is harder, but at least $4 million was moved to exchanges, where it might have been cashed out.
After an international law enforcement operation shut down and confiscated ChipMixer, the attackers turned to Sinbad for the mixing service.
Although the attackers’ identities are unknown, analysis of fund movements and data from wallets may help identify who might have been responsible for the attack.
Who Was Responsible For The FTX Hack?
Elliptic claimed that suspects included the North Korean hacker group Lazarus, which is suspected to have taken advantage of many encryption protocols, and rogue personnel at FTX. However, it claimed that on-chain indicators link to Russian entities.
The company claims that “a Russian-linked actor seems to be a stronger possibility.” Significant sums of the stolen assets that can be tracked by ChipMixer are blended with money from criminal organizations with ties to Russia, including ransomware networks and darknet markets, before being transmitted to exchanges.
The statement read that this suggests the participation of a broker or middleman with ties to Russia. The involvement of a broker or middleman connected to Russia implies a potential link between the transaction and Russian interests. Further investigation is required to uncover the extent of their influence and any potential implications.
Raised Concerns in the Crypto Community
This sudden movement of stolen property has raised concerns among the cryptocurrency community and law enforcement agencies. The continuous movement of the stolen funds indicates that the perpetrators are actively attempting to launder and hide their tracks. It also presents a challenge for investigators to trace the flow of these funds and potentially recover the stolen assets. The involvement of popular platforms like Railgun and THORChain highlights the need for stricter security measures and regulations to prevent such incidents.
Source: https://coinpedia.org/news/russian-attackers-suspected-in-ftx-hack-says-elliptic/