The FTX wallet drainer address has been swapping assets and using bridges to launder some of the stolen funds. Notably, the hacker behind the theft from the bankrupt crypto exchange FTX began transferring their Ether (ETH) holdings to a new wallet address on November 20.
This FTX wallet drainer was the 27th biggest ETH holder after the hack but dropped by 10 positions after the weekend Ether dump. The hacker stole almost $447 million out of multiple FTX global and FTX.US exchange wallets just hours after the crypto exchange filed for Chapter 11 bankruptcy on November 11. Most of the stolen funds were in ETH, which made the exploiter the 27th biggest ETH whale.
On November 20, the FTX wallet drainer 1 transferred 50,000 ETH to a new address, 0x866E. This new wallet address then swapped the ETH for renBTC (an ERC-20 version of BTC) and bridged it to two wallets on the Bitcoin blockchain. One of these wallets, bc1qvd…gpedg, held 1,070 renBTC, while the other wallet, bc1qa…n0702, held 2,444 renBTC.
https://twitter.com/CertiKAlert/status/1594289021030731778
Crypto analytics firm CertiK later tracked all the bridged renBTC on the bc1qvd…gpedg address and discovered that the address employed a money laundering strategy known as a peel chain to launder the renBTC.
A peel chain is a method used to launder huge amounts of crypto via a long series of minor transactions. In each step, a small portion is ‘peeled’ from the subject’s address in a low-value transfer. These incrementally laundered funds are mostly transferred to exchanges, where they can be changed to fiat currency or other crypto assets.
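The peel-chain pattern described above can be recognised mechanically when tracing funds. The following is an added example, not code from the article or from CertiK: a simplified address-level heuristic in which the transactions, address names, and thresholds (`max_peel_ratio`, `min_hops`) are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # addresses spent from
    outputs: tuple   # (address, amount) pairs, amounts in integer units

# Constructed sample data: A0 peels four small outputs, then splits evenly.
SAMPLE_TXS = [
    Tx("t1", ("A0",), (("X1", 10), ("A1", 990))),
    Tx("t2", ("A1",), (("A2", 975), ("X2", 15))),
    Tx("t3", ("A2",), (("X3", 12), ("A3", 963))),
    Tx("t4", ("A3",), (("X4", 20), ("A4", 943))),
    Tx("t5", ("A4",), (("B1", 470), ("B2", 473))),  # even split, not a peel
    Tx("t6", ("C0",), (("C1", 500), ("C2", 5))),    # single hop, unrelated
]

def trace_peel_chain(txs, start, max_peel_ratio=0.2, min_hops=3):
    """Follow funds from `start`; return (hop txids, peeled outputs).

    Returns ([], []) when fewer than `min_hops` peel-like hops are found.
    """
    by_sender = {}
    for tx in txs:
        for addr in tx.inputs:
            by_sender.setdefault(addr, []).append(tx)

    hops, peeled, current, seen = [], [], start, set()
    while current not in seen:          # guard against address reuse loops
        seen.add(current)
        spends = by_sender.get(current, [])
        # A peel hop: the address spends once, into exactly two outputs.
        if len(spends) != 1 or len(spends[0].outputs) != 2:
            break
        tx = spends[0]
        (small_addr, small), (big_addr, big) = sorted(tx.outputs, key=lambda o: o[1])
        # The peeled output must be a small share of the value moved.
        if small > max_peel_ratio * (small + big):
            break
        hops.append(tx.txid)
        peeled.append((small_addr, small))
        current = big_addr              # the remainder moves to a fresh address
    return (hops, peeled) if len(hops) >= min_hops else ([], [])

if __name__ == "__main__":
    hops, peeled = trace_peel_chain(SAMPLE_TXS, "A0")
    print("hops:", hops)
    print("peeled outputs:", peeled)
```

The peeled destinations returned by the trace are the addresses an investigator would check against known exchange deposit addresses.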
At the time of the FTX hack, there were two parties involved. One black hat managed to steal $447 million while a white hat managed to move $186 million of FTX assets to cold storage.
Nevertheless, when the Bahamian Securities and Exchange Commission published a notice indicating that it was attempting to move assets from FTX, it raised many eyebrows. Most people claimed that the securities regulator was, in fact, the black hat involved in the exploit.
Did you see this? Bahamian SEC claims to have (tried to?) "transfer all digital assets" to a digital wallet that they, not FTX, controls. If FTX is the white hat, then isn't the Bahamian govt the black hat? https://t.co/ddbEmx2nyq
— zkSTONKs (@zkSTONKs) November 20, 2022
On-chain analyst ZachXBT highlighted the token transfer pattern of the black hat wallet and stated that the wallet's dumping of tokens and sporadic bridging was different behavior from that of the other addresses that withdrew from FTX, which instead sent funds to a multisig on chains like Tron and Ethereum.
Reviewing the movement of funds and the strategies involved in their transfer, it is almost impossible that FTX wallet drainer 1 is under the control of the Bahamian government, judging by today’s on-chain activity. The Bitcoin activity is consistent with a peel chain, a type of money laundering that would be highly strange for a government agency to get involved in.