enes

Back to blog

Scorechain investigates the FTX hack

By:

loading

SCORECHAIN

Date: November 22nd 2022

Published on: Global News, Investigation

Tags:

Crypto AML, Crypto Hack, Cryptocurrency, FTX, Hack, Risk assessment, RiskAML,

Scorechain investigates the FTX hack

FTX suffered a hack, only hours after it had filed for bankruptcy on November 11, 2022. Ryne Miller, FTX US general counsel, confirmed on Twitter that the team was pausing trading and withdrawal functions due to unauthorized access to certain assets. He also clarified that FTX moved crypto assets to cold storage to prevent further assets from being hacked

2/ Among other things, we are in the process of removing trading and withdrawal functionality and moving as many digital assets as can be identified to a new cold wallet custodian.  As widely reported, unauthorized access to certain assets has occurred.

— Ryne Miller (@_Ryne_Miller) November 12, 2022

The hackers used the address 0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b to perpetrate the hack. They managed to steal $566,119,717.04 across several crypto assets, and the address 0x59ABf3 was one of the richest Ethereum addresses. It currently holds $20,427,627.93, including 5,735.32 ETH.

Scorechain Analytics screenshot
The current balance of 0x59ABf3837Fa962d6853b4Cc0a19513AA031fd32b

Scorechain tracked multiple transactions sent from FTX and FTX US to the FTX hack address 0x59ABf3.

Scorechain Investigation Tool  screenshot

At the time of writing, the address has already sent $344,085,505.14 to various wallets. Following the funds, Scorechain identified several DEX swaps. The hackers, for instance, swapped USDT for DAI and CUSDT.

They also sent 50,000 ETH to an intermediate address 0x866eeecd1f248d1a0a2e0263f13594a6b8b7c01a before swapping 49,990 ETH  for renBTC on 1inch, a decentralized exchange.

Scorechain Investigation Tool  screenshot

The hackers then moved to the Bitcoin blockchain. More specifically, they converted $57 million to BTC through the RenBridge protocol and ended up on three addresses:

  • bc1qaq09p8qy97pf9rhnwtxvj7htqhmyejvv6n0702 (received 2,444.55 BTC worth $40 million)
  • bc1qvd2kntzzz6y223av68h4xx8zwhxmcncy3gpedg (received 1,068.93 BTC worth $17 million)
  • bc1qexzss0wh5lz0q5emcm7rp29h9tqrc0tulvpp4t (received 1,022.62 BTC worth $16 million)

The hackers have started sending the funds from the addresses through peel chains, as shown in the example below.

Scorechain Investigation Tool screenshot
Peel chain initiated from bc1qvd2kntzzz6y223av68h4xx8zwhxmcncy3gpedg

Yesterday, the hackers sent 195,000 ETH to 13 different wallets, as shown below. We have been made aware of the movements thanks to our real-time alert notification system. For now, these funds have not moved further.

Scorechain Investigation Tool screenshot

All these kinds of transactions have the purpose of obfuscating the trail of funds, making the transactions harder to trace. However, such transaction patterns can be easily read through using blockchain analytics tools such as Scorechain.

Request a demo

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped over 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.

Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, and Tron with TRC10 and TRC20 tokens. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.

Customers

Financial Institutions

Crypto Businesses

Government and agencies

Solutions

Scorechain Analytics

Exploration Tool

Entity Directory

Case Manager

Reports and alerts

Customization

Travel rule

NFT AML compliance

Investigation

Resources

Guidelines and regulations

Scorechain Academy

Who we are

Glossary

Blog

Company

Terms of service

Who we are

Career

Contact us

finance startup of the yearregtech 100startup award 2021

© 2023 Scorechain. All rights reserved.