FTX Hack or Inside Job? Blockchain experts examine clues and a ‘stupid mistake’

Beleaguered crypto exchange FTX was hit by a $600 million hack over the weekend, and at least one blockchain expert says clues point to a high-level insider who made an amateur mistake that may have accidentally exposed their identity.

The attacker appears to have “had access to all the cold wallet storage that he exploited,” Dyma Budorin, co-founder and CEO of blockchain security auditing firm Hacken, said Monday in an interview with CoinDesk TV.

Hacken examined blockchain transactions and found that the attacker tried several times to send tether (USDT) stablecoin on the Tron blockchain without success because they did not have enough TRX, the Tron network’s native token, in their wallets to pay for transaction fees. So the attacker used his verified personal account on crypto exchange Kraken to send 500 TRX to the compromised wallet address to cover the transaction.

“He made a stupid mistake,” Budorin said.

Because of Kraken’s know-your-customer (KYC) measures and verification process, which are part of its anti-money laundering compliance requirements, the exchange had information about who owns the personal wallet the TRX was sent from, revealing the identity behind the exploit.

Hacken immediately contacted Kraken’s security team about the transaction, Budorin said.

“We know the identity of the user,” Nick Percoco, chief security officer of crypto exchange Kraken, said in a statement tweeted Saturday. Percoco added that he was told that FTX or the exchange’s founder and former CEO, Sam Bankman-Fried, will issue an official statement.

Budorin said the exploit showed that the way FTX managed its cold wallets was “very bad”.

New details about the exploit led to speculation on crypto Twitter that FTX owner Sam Bankman-Fried or someone in his close circle could have been behind the exploit, given their access to FTX’s cold wallets.

When asked if Bankman-Fried was the owner of the compromised wallet from which the exploit originated, Budorin said that “this is confidential information,” but he added that the wallet’s owner is a US citizen. Budorin had not responded by the time of publication to CoinDesk’s request for further comment about how he obtained information about the hacker’s citizenship and whether Kraken shared any of the account holder’s personal data with Hacken.

A Kraken spokesperson said the exchange is “in contact with law enforcement, and has frozen Kraken account access to certain funds we suspect to be associated with ‘fraud, negligence or carelessness’ related to FTX,” according to an emailed statement.

Of course, blockchain-savvy criminals can be sophisticated, so it’s possible that the mistake was a red herring that the attacker intentionally planted to mislead the investigation by creating confusion.

“It’s very common for a fraudster to use a fake KYC (know-your-customer) account so that the authorities are chasing the wrong person,” Cryptogle, a blockchain expert, told CoinDesk.

Top exchange FTX and trading firm Alameda Research were the crown jewels of Bankman-Fried’s crypto empire, which imploded in spectacular fashion last week after a bank run on FTX’s deposits revealed it had lost billions of dollars of digital assets belonging to clients.

The entire conglomerate, 138 firms in all, filed for bankruptcy protection on Friday after rescue plans failed, triggering more investigations.
