According to crypto intelligence platform Arkham Intelligence, the mystery looter of the now-collapsed FTX, likely an insider according to a blockchain specialist, holds $339 million in digital assets stolen from the exchange on Friday.
Arkham discovered that the exploiter’s wallets contain $292 million in ETH, the native token of the Ethereum blockchain, $48 million in Maker’s stablecoin DAI, $44 million in BNB, the native token of the Binance ecosystem, $4 million in Tether’s USDT stablecoin on the Avalanche blockchain, and $3.8 million in MATIC on Polygon’s Matic bridge.
Approximately $20 million in PAXG, a Paxos stablecoin pegged to the price of gold, was frozen after U.S. authorities forced Paxos to block the accounts, prohibiting the holder from transferring or withdrawing the tokens.
We are now 3 days deep into the attack on FTX.
So far, Paxos has blacklisted 4 addresses, and the attacker has repeatedly bridged to and from multiple different networks.
What will the FTX attacker do next?
An update on their current token balances and actions so far 👇 pic.twitter.com/pU415WGGNK
— Arkham | Crypto Intelligence (@ArkhamIntel) November 14, 2022
On Friday night, the insolvent crypto exchange FTX had unusual withdrawals of over $600 million. One entity at the core of the vulnerability stole around $400 million from the crypto wallets of the exchange. The attack occurred on the same day that FTX and the other 137 enterprises of Bankman Fried’s conglomerate filed for bankruptcy protection.
The hacker acted hurriedly based on their conduct on the blockchain. They used decentralised exchanges, including UniSwap, 1inch, and CowSwap, to convert tokens to cryptocurrencies like MATIC, LINK, and PAXG in smaller amounts to reduce slippage losses.
After monitoring the attacker’s blockchain activities, Arkham discovered that they seemed to panic and lost a significant portion of their token holdings when they shifted assets across several chains to avoid being discovered. In an apparent effort to consolidate their holdings, they transferred tokens to ETH and DAI on the Ethereum network, transactions that authorities cannot readily monitor.
Miguel Morel, CEO of Arkham Intelligence, said, “It is becoming clearer by the day that the FTX exploiter is not very sophisticated. They’ve hastily tried to do whatever they can with the funds, seemingly without much of a plan.”
The attacker also appears to have made at least one amateurish misstep. According to Dyma Budorin, CEO of Hacken, they irresponsibly used a verified personal account on the cryptocurrency exchange Kraken to transmit sufficient TRX tokens to cover transaction costs.
The hacker’s rudimentary actions suggest that retrieving the stolen monies may be possible.
Morel stated, “I think it’s only a matter of time before they’re discovered due to their use of various off-ramps, and at that point, it will just be about recovering the funds.”