Blockchain Trail Links FTX $477 Million Hacker to Russia

Blockchain analyst Elliptic unveiled laundering techniques by infamous and Russian-linked connection.

Hacker looking at his laptop with a digital russia map on it.
Created by Gabor Kovacs from DailyCoin
  • Blockchain analyst Elliptic is investigating the FTX hack
  • The firm has identified a Russian-linked entity as a likely suspect.
  • The hacker has continued to move assets amid the ongoing SBF trial.

In November 2022, the defunct exchange FTX fell victim to a cyber attack that siphoned off assets exceeding $477 million. Following the breach, the anonymous hacker maintained a low profile for several months, only to recently resurface with a renewed wave of asset transfers.

The resurgence has allowed cybersecurity experts to reignite their hunt and follow the hacker’s trail into Russia.

Unmasking the Attacker’s Connection to Russia

In a report released on October 12th, blockchain analysts at Elliptic unveiled the trail of the notorious attacker(s) behind the FTX cyber heist. 


The investigations further revealed the various laundering and mixing techniques that the hackers have adopted since their initial rounds of movement to obscure their trail and avoid asset seizures.

An extract from Elliptic's report, displaying hackers's transaction history.

Although the identity remains elusive, some stolen assets have been laundered through funds linked to Russia-associated criminal groups, including ransomware gangs and darknet markets. This suggests the potential involvement of a broker or intermediary with connections within the region.

The report also highlights a significant proportion of the stolen assets being actively converted into native assets, such as BTC and ETH, through decentralized exchanges, including Uniswap and Pancakeswap. The assets are then transferred to different blockchains via cross-chain bridges, coinciding with the ongoing trial of former CEO Sam Bankman-Fried.

SBF Not Guilty?

Following the November breach, the crypto community speculated that the disgraced CEO may have been responsible for the exploit initiated after his Chapter 11 bankruptcy filing. 


Despite his limited internet access, SBF has also faced accusations of potential involvement in the ongoing funds movement.

However, Eliptic’s recent investigation has suggested the unlikelihood of this. The report stated, “At 3:41 pm EST on October 4th 2023, $15 million of the stolen crypto was moved – at which time Bankman-Fried was reportedly in court without internet access.”

Elliptic maintains the possibility of the exploit being an ‘inside job,’ emphasizing that some employees may have had unauthorized access to the assets during the tumultuous period that followed the exchange’s bankruptcy.

On the Flipside

  • Speculations have arisen among the crypto community that FTX hackers may have ties to the notorious North Korean hacker group Lazarus.
  • Revelations of the exchange’s feeble safety practices, as disclosed by a former employee, may have facilitated the exploit.
  • The hacker has exchanged over $120 million worth of ETH since September 30th.

Why This Matters

The FTX attack serves as another reminder of the crypto industry’s present vulnerability and underscores the need for strengthened security measures.

To dive deeper into the ongoing SBF trial, read here:
Shocking FTX Trial Unearths Bitcoin Price Manipulation Plan 

Terraform Labs refutes blame for UST market crash, alleges Citadel as mastermind. Read more: 
Terraform Labs Asserts Citadel Depegged UST with New Filing 

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Grace Abidemi

Grace Abidemi, a cryptocurrency reporter at DailyCoin, covers industry developments and trends. She previously worked as a freelance writer. With a Bachelor's degree in German Language and certifications in marketing and storytelling, Grace creates engaging content. When not working, she's in Nigeria, mastering cooking and canvas painting, and enjoys learning about different cultures and languages.