Crypto sleuth debunks 3 biggest misconceptions about the FTX hack

Published at: Nov. 21, 2022

On-chain sleuth ZachXBT has shared his findings on what he sees as the three most common misconceptions about the FTX hack — taking to Twitter to correct a "ton of misinformation" about the event and the possible culprits. 

In a lengthy Nov. 20 post on Twitter, the self-proclaimed “on-chain sleuth” debunked speculation that Bahamian officials were behind the FTX hack, that exchanges knew the hacker's true identity, and that the culprit is trading memecoins.

1/ I have seen a ton of misinformation being spread on Twitter and in the news about the FTX event so let me debunk the three most common things I’ve seen“Bahamian officials are behind the FTX hack”“Exchanges know who the hacker is”“FTX hacker is trading meme coins” pic.twitter.com/IAtHnpJI44

— ZachXBT (@zachxbt) November 20, 2022

On the same day that FTX's filed for bankruptcy on Nov. 11, the crypto community began flagging suspicious transactions on wallets associated with FTX, with more than $650 million transferred off the wallet. 

While there was no official culprit has been identified, a Nov. 17 statement from the Securities Commission of the Bahamas (SCB) that stated it had ordered the transfer of all digital assets of FTX to a digital wallet owned by the commission around that time prompted some to believe the SCB was behind the supposed "hack." 

However, ZachXBT argued that the “0x59” wallet address associated with the hacker was a blackhat address and not affiliated with either the FTX team or the SCB because it "began selling tokens for ETH, DAI, and BNB and using a variety of bridges so crypto couldn't be frozen on 11/12."

"The fact 0x59 was dumping tokens and bridging sporadically was very different behavior from the other addresses who withdrew from FTX and instead sent to a multisig on chains like Eth or Tron,” he added.

Zach also notes that the blackhat wallet also had contact with another wallet, 0x24, which he suggests "has very [suspicious] behavior on-chain using sketchy services."

"This behavior completely differs what was said about the Debtors moving assets to cold storage or Bahamian government moving assets to Fireblocks."

ZachXBT says his final clue was the wallet address selling Ether (ETH) for renBTC and then using RenBridge, which he says will most likely end with the funds being sent to "a mixer at some point in the future."

Blockchain analytics firm Chainalysis came to a similar conclusion in a Nov. 20 post, noting that:

"Reports that the funds stolen from FTX were actually sent to the Securities Commission of The Bahamas are incorrect. Some funds were stolen, and other funds were sent to the regulators."

FTX has also commented on the recent fund movements, posting a warning to exchanges "that certain funds transferred from FTX Global and related debtors without authorization on 11/11/22 are being transferred to them through intermediate wallets."

(2/2) Exchanges should take all measures to secure these funds to be returned to the bankruptcy estate.

— FTX (@FTX_Official) November 20, 2022

ZachXBT also highlighted the potential misinformation surrounding the claim the hacker's identity had been discovered by "Kraken or other exchanges."

The rumor had been circulating since Kraken's chief security officer claimed in a Nov.12 post that“We know the identity of the user.”

Zach says "In reality" the user identified as the hacker was likely just the FTX group securing assets to a multi-signature wallet on Tron, using Kraken due to the FTX hot wallet being out of gas for transactions., stating: 

"The withdrawals to these multisigs also matched what Ryne Miller (FTX GC) had said at the time. This took place hours after the initial 0x59 withdrawals."

Related: FTX funds on the move as thief converts thousands of ETH into Bitcoin

As his last point, ZachXBT took aim at the rumor that the FTX hacker is trading memecoins, which was first noted by blockchain analytics firm CertiK.

Instead, the blockchain detective claims the transfers have been "spoofed" on the Ethereum network, citing a March blog by Etherscan community member, Harith Kamarul explaining how transactions can be faked.

Tags
Bitcoin
Ethereum
Business
Cryptocurrency Exchange
Cryptocurrencies
Tokens
Hackers
Social Media
Twitter
Ftx
Related Posts
Huobi Global denies ‘large-scale layoffs’ and key exec resignations
Huobi Global says it has no plans to conduct “large-scale layoffs” and has refuted reports that two of its top executives have resigned amid a takeover of the Seychelles-based crypto exchange. Reports that the company’s chief executive officer (CEO) Leon Li and chief financial officer (CFO) Chris Lee have resigned appeared to have originated from an Oct. 29 Twitter post from Chinese crypto blogger Colin Wu, citing “people familiar” with Huobi. The Twitter post also suggested there could be mass layoffs planned for its 1,600 employees due to “too many people" working at the company. However, a spokesperson from Huobi …
Bitcoin / Nov. 1, 2022
FTX founder Sam Bankman-Fried removes ‘assets are fine’ flood from Twitter
Sam Bankman-Fried, founder and CEO of the troubled cryptocurrency exchange FTX, appears to have retracted his words about the safety of client holdings on FTX. Bankman-Fried has deleted a Twitter thread where he tried to assure customers that FTX and the assets on the platform were “fine.” FTX CEO took to Twitter to post the thread of four different tweets on Nov. 7, claiming that FTX had “enough to cover all client holdings.” Bankman-Fried also stated that the firm didn’t invest client assets and has been processing all withdrawals and “will continue to be.” “We have a long history of …
Bitcoin / Nov. 9, 2022
Ledger hardware wallets hit by the FTX earthquake, CTO says
Hardware-based cryptocurrency wallet provider Ledger has experienced some issues due to massive outflows from crypto exchanges amid the FTX bloodbath, according to its chief technology officer. Ledger saw a “massive usage” of their platforms and suffered a “few scalability challenges” on Nov. 9, Ledger CTO Charles Guillemet reported in a statement on Twitter. Guillemet reasoned Ledger’s issues by the outcomes of the ongoing crisis of a major global cryptocurrency exchange, FTX. The CTO said that crypto investors have been increasingly offloading their holdings from crypto exchanges to Ledger, stating: “ After the FTX earthquake, there's a massive outflow from exchanges …
Bitcoin / Nov. 10, 2022
Crypto recruitment execs reveal the safest jobs amid layoff season
Despite a wave of heavy crypto layoffs to start the new year, employees in technical and engineering roles, as well as senior management, will likely continue to see “strong demand” for their skills, recruitment professionals believe. It’s been a tough first few weeks of 2023 for crypto businesses and their staff. Within just two weeks, the market has already seen more than 1,600 crypto-related job cuts as a result of continued market volatility and uncertainty. However, not all departments have seen the same level of cuts. SAFU: Senior-level tech and engineering Rob Paone, founder and CEO of crypto recruitment firm …
Blockchain / Jan. 18, 2023
South Korea’s Kimchi premium turns to discount
South Korea’s "Kimchi premium" has flipped to a discount again, meaning cryptocurrencies such as Bitcoin are now cheaper to buy on South Korean exchanges. The phenomenon is named after the Korean dish kimchi. The Kimchi premium refers to when the price of Bitcoin (BTC) trades higher on South Korean exchanges than in other markets. According to data from blockchain analytics provider CryptoQuant, the Korea Premium index has been shifting between the -0.24 and 0.01 range between Feb 17 and 19. As of writing, data on CoinMarketCap shows BTC is trading at roughly $24,464 on Coinbase and $24,487 on Binance. In …
Bitcoin / Feb. 20, 2023