On the move: FTX hacker splits nearly $200M in ETH across 12 wallets

Published at: Nov. 22, 2022

The hacker behind the theft of more than $447 million of crypto from the crypto exchange FTX has been again spotted moving their ill-gotten funds. 

According to Etherscan data, between 4:11 to 4:17 pm UTC on November 21, the attacker moved a total of 180,000 Ether (ETH) across 12 newly created wallets — each receiving 15,000 ETH. The total amount moved totaled $199.3 million at current prices.

At the time of publication, the ETH has not moved from any of the 12 wallets.

Some in the crypto community suggest the attacker may be planning to subdivide it into smaller and smaller amounts in order to confuse investigators, a process known as “peel chaining,” or they may be planning to use a mixing service at some point to obscure which coins are theirs.

Meanwhile, some Ethereum users appear to have sent coded messages to the hacker asking for a share of the loot.

One user registered the Ethereum Name Service (ENS) domain name, “ftx-rekt200k-pls-help.eth” to express that they have lost money from the FTX collapse and to ask for a reimbursement from the hacker.

They sent 21 transactions of 0.000001 Ether to the hacker’s address in an attempt to get noticed.

Another user was even more creative. They registered the ENS domain, “pleasecheckutf8data.eth” and sent 12 transactions of 0.0001 ETH or less to the hacker’s wallet address.

Inside each transaction was a UTF8 encoded message that said “Please send me 100k~, I have medical bills to pay and visit the USA this coming December. I can't walk properly, and have aggressive muscle issues. Please help! I lost most of my money on FTX.”

The message also contained a link to an Imgur post which the user claimed was proof of their medical appointment.

Related: FTX hacker dumps 50,000 ETH, still among top 40 Ether holders

The hack occurred on Nov. 11, the same day that FTX filed for chapter 11 bankruptcy protection.

On November 20, the attacker transferred 50,000 ETH to a separate wallet and then converted it to Bitcoin using two separate renBTC bridges.

As of today, the hacker is the 40th largest holder of ETH.

Tags
Ftx
Related Posts
FTX hacker is now the 35th largest holder of ETH
The hacker that exploited the now-bankrupt FTX exchange last week made a tidy fortune that has propelled them to Ether (ETH) whale status. Just a day after the embattled FTX exchange filed for Chapter 11 bankruptcy, its wallets were drained for more than $663 million in various crypto assets, according to blockchain intelligence company Elliptic. Elliptic suspected $477 million of this was stolen, with a large chunk of those tokens being then converted into ETH, while $186 million worth of more than a hundred different tokens was believed to be moved into secure storage by FTX itself. As reported by …
Ethereum / Nov. 16, 2022
FTX hacker dumps 50,000 ETH, still among top 40 Ether holders
The hacker behind the bankrupt cryptocurrency exchange FTX started transferring their Ether (ETH) holding to a new wallet address on Nov. 20. The FTX wallet drainer was the 27th largest ETH holder after the hack but dropped by 10 positions after the weekend ETH dump. The FTX hacker drained nearly $447 million out of multiple FTX global and FTX.US exchange wallets just hours after the crypto exchange filed for Chapter 11 bankruptcy on Nov. 11. Majority of the stolen funds were in ETH, making the exploiter the 27th largest ETH whale. On Nov.20, the FTX wallet drainer 1 transferred 50,000 …
Bitcoin / Nov. 21, 2022
DeFi ecosystem still haunted by FTX contagion: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The FTX contagion that started in the second week of November is still haunting various crypto protocols in the DeFi ecosystem. The latest to fall prey to the contagion includes the Solana-based decentralized exchange (DEX) Serum, of which Alameda and FTX were backers. Another DeFi crypto trading firm Auros Global missed its principal repayment on a 2,400 Wrapped Ether (wETH) DeFi loan. Looking at some other key news in the DeFi ecosystem, popular DEX …
Blockchain / Dec. 2, 2022
Here's how to quickly spot a deepfake crypto scam — cybersecurity execs
Crypto investors have been urged to keep their eyes peeled for "deepfake" crypto scams to come, with the digital-doppelganger technology continuing to advance, making it harder for viewers to separate fact from fiction. David Schwed, the COO of blockchain security firm Halborn told Cointelegraph that the crypto industry is more “susceptible” to deepfakes than ever because “time is of the essence in making decisions” which results in less time to verify the veracity of a video. Deepfakes use deep learning artificial intelligence (AI) to create highly realistic digital content by manipulating and altering original media, such as swapping faces in …
Blockchain / Jan. 13, 2023
OpenSea planned upgrade stalls as phishing attack targets NFT migration
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don't migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within …
Adoption / Feb. 20, 2022