Hackers who drained FTX and FTX USA of over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continue to move assets around in an attempt to launder the money.
A crypto analyst who goes by ZachXBT on Twitter alleged that the FTX hackers have transferred a portion of the stolen funds to the OKX exchange, after using the Bitcoin mixer ChipMixer. The analyst reported that at least 225 BTC — worth $4.1 million USD — has been sent to OKX so far.
1/ Myself and @bax1337 spent this past weekend looking into the FTX attacker’s deposits to ChipMixer.
It appears they’ve likely been transferring a portion of the stolen FTX funds to OKX after withdrawing from CM
So far we’ve accounted for at least $4.1m (255 BTC) sent to OKX pic.twitter.com/C46JZWtktn
— ZachXBT (@zachxbt) November 29, 2022
According to ZachXBT, the FTX hacker first began depositing BTC into ChipMixer on Nov. 20, after using Ren Bridge, a protocol that acts as a bridge for cryptocurrencies. In his analysis, ZachXBT shared that he had observed a pattern with addresses receiving funds from ChipMixer. According to him, each of the addresses follows a similar pattern; “withdrawal from CM”, “50% peels off” and then “50% deposited to OKX”.
Following the discovery of the deposits made to the OKX exchange, the Director of OKX shared on Twitter that; “OKX is aware of the situation, and the team is investigating the wallet flow.”
#OKX is aware of the situation, and the team is investigating the wallet flow.
— lennixlai.eth (OKX) (@LennixOKX) November 29, 2022
On Nov, 12, Cointelegraph reported that the hack was flagged right after FTX announced bankruptcy. At the time, out of the $663 million drained, around $477 million were suspected to be stolen, while the remainder is believed to be moved into secure storage by FTX themselves.
On Nov. 20, the hacker began transferring their Ether (ETH) holding to a new wallet address. The FTX wallet drainer was the 27th largest ETH holder after the hack, but dropped by 10 positions after dumping 50,000 ETH.
The fact that hackers managed to drain assets from FTX global and FTX.US at the same time, despite these two entities being completely independent, became a hot topic of discussion within the crypto community, and raised speculations about it possibly being an inside job.