Crypto experts reveal 3 biggest misconceptions about the FTX hack

Blockchain sleuth ZachXBT has shared his findings on what he sees as the three most common misconceptions about the FTX hack, taking to Twitter to correct a ton of misinformation about the incident and the possible culprits.
In a lengthy post from November 20 on Twitter, the self-proclaimed “scout on the chain” debunked speculation that Bahamian officials were behind the FTX hack, that exchanges knew the hacker’s true identity, and that the culprit is trading memecoins.
1/ I’ve seen a ton of misinformation being spread on Twitter and in the news about the FTX event, so let me reveal the three most common things I’ve seen
“Bahamian Officials Behind FTX Hack”
“Exchanges know who the hacker is”
“FTX Hacker Trades Meme Coins”
— ZachXBT (@zachxbt) 20 November 2022
On November 11, the same day that FTX filed for bankruptcy, the crypto community began flagging suspicious transactions on wallets linked to FTX, with more than $650 million transferred out of them.
Although no culprit had been officially identified, a November 17 statement from the Securities Commission of the Bahamas (SCB) said that it had ordered the transfer of all digital assets of FTX to a digital wallet owned by the commission around that time. Some believe that the SCB was behind the supposed “hack”.
However, ZachXBT claimed that the 0x59 wallet address linked to the hacker was a blackhat address and not associated with either the FTX team or the SCB because it “started selling tokens for ETH, DAI and BNB and using a series of bridges so that crypto could not be frozen on the 11/12.”
“The fact that 0x59 was dumping tokens and bridging sporadically was very different behavior from the other addresses that withdrew from FTX and instead sent to a multisig on chains like Eth or Tron,” he added.
Zach also notes that the blackhat wallet had contact with another wallet, 0x24, which he suggests “has very [suspicious] on-chain behavior when using sketching services.”
“This behavior is completely different from what was said about debtors moving assets to cold storage or the Bahamian government moving assets to Fireblocks.”
ZachXBT says his last lead was the wallet address selling Ether (ETH) for Ren Bitcoin (renBTC) and then using RenBridge, which he says will most likely end up sending the funds to “a mixer at some point in the future.”
Blockchain analytics firm Chainalysis came to a similar conclusion in a post on November 20, noting that:
“Reports that the funds stolen from FTX were actually sent to the Securities Commission of the Bahamas are incorrect. Some funds were stolen and other funds were sent to regulators.”
FTX has also commented on the recent fund movements, posting a warning to exchanges “that certain funds transferred from FTX Global and related debtors without authorization on 11/11/22 are transferred to them through intermediate wallets.”
(2/2) Exchanges should take all measures to ensure that these funds are returned to the bankruptcy estate.
— FTX (@FTX_Official) 20 November 2022
ZachXBT also highlighted the potential misinformation surrounding the claim that the hacker’s identity had been discovered by “Kraken or other exchanges.”
The rumor had been circulating since Kraken’s security chief claimed in a post from November 12 that “We know the identity of the user.”
Zach says that “in reality” the user identified as the hacker was probably just the FTX group securing assets in a multi-signature wallet on Tron, using Kraken because the FTX hot wallet had run out of gas for transactions. He added:
“The withdrawals of these multisigs also matched what Ryne Miller (FTX GC) had said at the time. This took place hours after the first 0x59 withdrawals.”
As his final point, ZachXBT took aim at the rumor that the FTX hacker is trading memecoins, which was first noted by blockchain analytics firm CertiK.
Instead, the blockchain detective claims the transfers have been “spoofed” on the Ethereum network, citing a March blog post by Etherscan community member Harith Kamarul, which explains how transactions can be spoofed.