Scorechain investigates the FTX hack

FTX suffered a hack, only hours after it had filed for bankruptcy on November 11, 2022. Ryne Miller, FTX US general counsel, confirmed on Twitter that the team was pausing trading and withdrawal functions due to unauthorized access to certain assets. He also clarified that FTX moved crypto assets to cold storage to prevent further assets from being hacked

2/ Among other things, we are in the process of removing trading and withdrawal functionality and moving as many digital assets as can be identified to a new cold wallet custodian.  As widely reported, unauthorized access to certain assets has occurred.

— Ryne Miller (@_Ryne_Miller) November 12, 2022

The hackers used the address 0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b to perpetrate the hack. They managed to steal $566,119,717.04 across several crypto assets, and the address 0x59ABf3 was one of the richest Ethereum addresses. It currently holds $20,427,627.93, including 5,735.32 ETH.

Scorechain tracked multiple transactions sent from FTX and FTX US to the FTX hack address 0x59ABf3.

At the time of writing, the address has already sent $344,085,505.14 to various wallets. Following the funds, Scorechain identified several DEX swaps. The hackers, for instance, swapped USDT for DAI and CUSDT.

They also sent 50,000 ETH to an intermediate address 0x866eeecd1f248d1a0a2e0263f13594a6b8b7c01a before swapping 49,990 ETH  for renBTC on 1inch, a decentralized exchange.

The hackers then moved to the Bitcoin blockchain. More specifically, they converted $57 million to BTC through the RenBridge protocol and ended up on three addresses:

• bc1qaq09p8qy97pf9rhnwtxvj7htqhmyejvv6n0702 (received 2,444.55 BTC worth $40 million)
• bc1qvd2kntzzz6y223av68h4xx8zwhxmcncy3gpedg (received 1,068.93 BTC worth $17 million)
• bc1qexzss0wh5lz0q5emcm7rp29h9tqrc0tulvpp4t (received 1,022.62 BTC worth $16 million)

The hackers have started sending the funds from the addresses through peel chains, as shown in the example below.

Yesterday, the hackers sent 195,000 ETH to 13 different wallets, as shown below. We have been made aware of the movements thanks to our real-time alert notification system. For now, these funds have not moved further.

All these kinds of transactions have the purpose of obfuscating the trail of funds, making the transactions harder to trace. However, such transaction patterns can be easily read through using blockchain analytics tools such as Scorechain.

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped over 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.

Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, and Tron with TRC10 and TRC20 tokens. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.