This article was updated on November 20, 2022.
On November 12, just 24 hours after filing for Chapter 11 bankruptcy in the US, $477 million in cryptoassets was siphoned from FTX’s wallet, through what is believed to be a series of “unauthorized” transfers.
The “hack” was announced by an administrator on FTX’s Telegram channel:
Within hours, most of the tokens taken from FTX were exchanged for ETH via decentralized exchanges. This is a tactic commonly seen in large-scale hacks, where thieves seek to avoid seizure of stolen assets such as stablecoins, which can be frozen by their issuers.
However, this was not before around 100 million USDT (Tether) and Paxos Gold (PAXG) tokens taken from FTX were frozen by their issuers.
On November 12, Chief Restructuring Officer and CEO of FTX John Ray stated that “there was unauthorized access to certain property” and that they “coordinated with law enforcement authorities” on the matter.
However, on November 17, the Bahamas Securities Commission explained that he directed “the transfer of all digital assets of FTX Digital Markets to a digital wallet controlled by the Commission, for safekeeping”.
It is not clear whether the Commission was referring to the $477 million that was transferred under suspicious circumstances on November 12. Others have suggested to talk about a separate transfer of ~$280 million of newly minted FTT tokens and ETH from the FTX wallet, which took place on November 13th.
In a further twist, FTX lawyers filed an emergency court motion the same evening, suggesting that Bahamian regulators ordered Sam Bankman-Fried to gain “unauthorized access” to FTX systems in order to obtain crypto assets belonging to the company and transfer those assets to the custody of the Bahamian government.
On the morning of November 20, the ETH in the account began to convert to RenBTC, before being bridged to Bitcoin via the RenBridge service. Ren bought Alameda Research last year.
The use of RenBridge in this way is often seen in the laundering of hack proceeds. Elliptical research revealed how the service was used to launder hundreds of millions of dollars in crypto.
It is increasingly unlikely that the Bahamian regulator has control over this particular asset. It is more likely that they have a second Ethereum account that holds ~$280 million in cryptocurrency, which was received from the FTX wallet on November 13th.
Compliance Financial Services Americas