FTX Hacker Finally Making a Move
by Reflare Research Team on Oct 5, 2023 8:06:00 PM
After FTX's monumental crash and a hacker's theft of hundreds of millions, the crypto world searched for answers, and just when the trail seemed cold, unexpected activity sparked from the suspected hacker's wallet.
First Published 5th October 2023
Cash moves everything around me.
Cash is king
When FTX, one of the prominent players in the cryptocurrency arena, experienced its seismic collapse, the crypto community was left in shock. On top of that, a hacker made away with hundreds of millions of dollars, leaving only digital footprints behind. The aftermath was characterised by disbelief, investigations, and a desperate hunt for answers. But for 10 months, it seemed like the trail had gone cold. That is until some unexpected activity erupted from the wallet believed to belong to the hacker in September 2023.
What is FTX?
FTX was a cryptocurrency exchange co-founded by MIT alumni Sam Bankman-Fried and Gary Wang in 2019. Unlike typical cryptocurrency firms, FTX was known for its dealings in crypto derivatives. Wang's experience at Google, combined with Bankman-Fried's expertise in ETF trading, gave the company a solid foundation. Their strategic moves bore fruit as FTX's valuation skyrocketed, reaching a peak of $32 billion. Its U.S. branch, FTX America, alone was valued at $8 billion after an impressive fundraising round in January 2022.
However, the fortunes of FTX began to change drastically in November 2022. In a shocking announcement, Bankman-Fried stepped down as CEO, followed by the bankruptcy news of the company. Within a week, FTX had crumbled. The sequence of events that led to this precipitous fall was a combination of internal mismanagement and external factors.
Delving deeper into the collapse, it was evident that a severe liquidity crisis had engulfed FTX, centering around the FTT token and Bankman-Fried's other trading venture, Alameda Research Company. Reports unveiled Bankman-Fried’s questionable decision to divert as much as $10 billion of FTX customer funds to Alameda. Given that a significant chunk of Alameda's assets were tied up in the FTT token, this move proved catastrophic and spurred a massive wave of withdrawals from FTX when the information came to public knowledge, driving the firm into bankruptcy.
The situation was then made worse by the theft of roughly $323 million from the company's international exchange and an additional $90 million from its US platform after the company declared bankruptcy.
It's time to move
The identity of the hacker, much like the exact modus operandi of the hack, had become the stuff of legend. Drawing on information shared by the CryptoPotato news platform, the first ripples were spotted when the hacker's wallet, which had been dormant while holding assets worth more than $300 million, suddenly awakened. What's more, the wallet still retained a hefty 12.5K ETH, even after the new activity.
On closer inspection, data revealed a total of $8 million being funnelled via the RailGun privacy wallet and Thorchain, with the transfers taking place on September 30th. These funds were divided into two separate transactions, each containing 2,500 ETH valued at $4 million.
The staggering reality
The rise of cryptocurrencies promises a financial revolution, yet, as with all revolutions, there are pitfalls. Foremost among these in the crypto world are the hacks of centralised cryptocurrency exchanges, often involving staggering amounts of money. From the nascent days of Bitcoin to the proliferation of altcoins, security breaches have been a lingering menace. Recent estimates suggest that annual losses from such hacks range from $3 billion to a whopping $14 billion.
Centralised cryptocurrency exchanges, often likened to traditional banks, act as intermediaries for users wanting to trade or purchase cryptocurrencies. The irony here is palpable – a decentralised currency system yet heavily reliant on centralised platforms. And as we delve deeper into some of the most significant breaches, collated by RankFi, it becomes evident that even the giants in this arena are not invincible.
- Coincheck ($532M, 2018): The Tokyo-based Coincheck was once proud of its robust security mechanisms. However, the whopping loss of $532 million, primarily in NEM currency, shattered this image. Hackers used malware and phishing tactics to break into user hot wallets, demonstrating the ingenuity of cyber-criminals. The silver lining here was Coincheck's decision to refund all affected users in the aftermath.
- Mt. Gox ($480M, 2014): This Tokyo exchange was once the titan of Bitcoin trading, handling 70% of all Bitcoin transactions worldwide. Yet, it became a cautionary tale when $480 million worth of Bitcoin was purloined. The intricate hack involved manipulating Bitcoin prices with counterfeit coins and exfiltrating funds from hot wallets.
- FTX ($415M, 2022): Recent and still shrouded in mystery, the FTX breach has shocked the crypto world. Speculations are rife about the possibility of an inside job, and as investigations are underway, the crypto community remains on tenterhooks.
- KuCoin ($281M, 2020): Situated in Singapore, KuCoin's hack was another major blow to the crypto community. The lack of clarity regarding the cause of this breach only compounds the anxiety for many users. Fortunately, insurance came to the rescue, providing refunds.
- BitMart ($196M, 2021): A grim tale of stolen private keys and $196 million lost. Despite promises of refunds, BitMart users are still in the dark, accentuating the importance of transparency in crisis management.
- Bitgrail ($146M, 2018): This breach stands out due to its shocking revelation - the founder of Bitgrail, operating under the pseudonym F. F., is suspected to be the mastermind behind this massive theft.
- Liquid ($97M, 2020): Yet another tale of a phishing exploit. Hackers, with their ever-evolving techniques, managed to breach Liquid’s internal network, leading to substantial losses.
- AscendEx ($77M, 2021): The vulnerability of hot wallets was again exposed in this breach, reminding us of the dangers of online storage.
- Bitfinex ($71M, 2016): Despite its touted multi-signature wallet security feature, Bitfinex fell prey to hackers. The only saving grace was the subsequent apprehension of the perpetrators.
- Zaif ($60M, 2018): The delay in detecting the breach at Zaif resulted in significant losses. Thankfully, an acquisition led to full refunds for affected users.
- Binance ($40M, 2019): Last but not least, Binance's loss, although insured, reiterated that hackers employ a plethora of techniques, from phishing to viruses, making security a constant challenge.
Why crypto exchanges might be neglecting cybersecurity
While the security breaches outlined above are alarming, the root causes of such vulnerabilities extend beyond mere technical challenges. A key distinction between cryptocurrency exchanges and traditional financial platforms lies in the realm of regulation. Traditional financial institutions, such as banks and stock exchanges, are bound by stringent regulations and oversight that mandate rigorous security measures. These regulations are the product of decades, if not centuries, of financial evolution, lessons learned from past mistakes, and governments' obligations to protect their citizens' assets.
In contrast, the world of cryptocurrency, being relatively nascent, lacks the comprehensive regulatory framework that surrounds traditional financial systems. Many countries are still grappling with how to define, let alone regulate, cryptocurrencies. This regulatory void can lead to a laissez-faire attitude among some crypto exchanges, where the absence of clear legal mandates might mean that robust cybersecurity measures are viewed more as optional than obligatory.
Furthermore, the rapid growth and immense profitability of the cryptocurrency sector have led to a rush of exchanges setting up shop to capitalise on the booming market. In the hurry to capture market share and generate profits, some exchanges may cut corners on security or fail to invest adequately in cybersecurity infrastructure and expertise.
However, it's important to note that not all crypto exchanges are cavalier about security. Many of the industry's leading platforms have invested significantly in safeguarding their systems, often employing cutting-edge technologies and security experts to ensure the protection of their users' assets. But as long as there exists a disparity in regulatory expectations between traditional and crypto platforms, vulnerabilities may persist.
Best practices and innovative measures
The challenges facing crypto exchanges in terms of security are significant, but they are not insurmountable. As the industry matures, several best practices and innovative solutions have emerged to safeguard exchanges and their users. Here are some of the leading measures that crypto exchanges can adopt:
- Multi-Signature Wallets: One of the foundational measures for securing crypto assets is the use of multi-signature wallets. These require multiple private keys to authorise a transaction, ensuring that even if one key is compromised, the assets remain safe.
- Cold and Hot Wallets: By storing the majority of funds in cold wallets (offline storage) and only a minimal amount in hot wallets (online storage), exchanges can significantly reduce their exposure to online hacks.
- Regular Security Audits: Exchanges should undergo frequent and comprehensive security audits by reputable third-party firms. This ensures that potential vulnerabilities are identified and addressed promptly.
- Advanced Authentication Protocols: Two-factor authentication (2FA) should be mandatory for all users. Additionally, exchanges can adopt biometric verification and hardware security keys for added layers of protection.
- Employee Training: Many breaches occur due to human error or internal malfeasance. Regular training sessions can ensure that employees are aware of the latest security threats and best practices.
- Phishing Awareness: Exchanges should educate their users about the dangers of phishing attacks and provide guidelines on how to recognize and avoid suspicious communications.
- End-to-End Encryption: All data, especially sensitive user information and transaction details, should be encrypted both in transit and at rest.
- Withdrawal Whitelists: Allow users to set addresses that are whitelisted for withdrawals. This way, even if an account is compromised, funds can only be withdrawn to a pre-approved address.
- Threat Intelligence: Exchanges can work together to share information about potential threats, blacklisted addresses, and best practices. This collective approach can be especially effective against organised hacking groups.
- Insurance: While not a preventative measure, having an insurance policy can provide an additional layer of security and trust. In the event of a breach, insured exchanges can compensate their users, ensuring that they do not bear the brunt of any loss.
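To show how three of the controls listed above (withdrawal whitelists, a hot-wallet cap backed by cold storage, and M-of-N multi-signature approval) combine into one withdrawal policy, here is an added Python example that is not part of the original article. All accounts, addresses, amounts and signer secrets are constructed for the example, and HMAC stands in for the on-chain signatures a real multi-signature wallet would verify.

```python
import hashlib
import hmac
import json

# Constructed sample data, not from the article: each approver holds a secret
# that stands in for a private key. Real multi-signature wallets verify
# on-chain signatures; HMAC is used here only so the example runs with the
# standard library.
SIGNER_SECRETS = {
    "ops-a": b"constructed-secret-a",
    "ops-b": b"constructed-secret-b",
    "ops-c": b"constructed-secret-c",
}
REQUIRED_APPROVALS = 2       # 2-of-3 policy: no single compromised key can move funds
HOT_WALLET_LIMIT = 100.0     # largest single withdrawal served from hot storage (ETH)
WHITELIST = {"alice": {"0xALICE-COLD-STORE"}}  # per-account pre-approved destinations

def canonical(request):
    # Sort keys and strip whitespace so every approver signs exactly the same bytes.
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode()

def approve(signer, request):
    # An approver's signature over the canonical request (HMAC stand-in for a real key).
    return hmac.new(SIGNER_SECRETS[signer], canonical(request), hashlib.sha256).hexdigest()

def authorise_withdrawal(request, approvals):
    """Return (decision, reason): whitelist first, then hot-wallet cap, then quorum."""
    if request["to"] not in WHITELIST.get(request["account"], set()):
        return "rejected", "destination not on the account's withdrawal whitelist"
    if request["amount"] > HOT_WALLET_LIMIT:
        return "queued", "exceeds hot-wallet cap; needs a cold-storage release"
    valid = set()   # a set, so the same signer approving twice counts once
    for signer, sig in approvals:
        if signer not in SIGNER_SECRETS:
            continue
        # Recompute over the request actually being executed: a signature
        # made over a different amount or destination will not match.
        if hmac.compare_digest(approve(signer, request), sig):
            valid.add(signer)
    if len(valid) < REQUIRED_APPROVALS:
        return "rejected", f"{len(valid)} of {REQUIRED_APPROVALS} required approvals"
    return "approved", "whitelisted destination, within hot limit, quorum reached"

if __name__ == "__main__":
    req = {"account": "alice", "to": "0xALICE-COLD-STORE", "amount": 40.0, "nonce": 1}
    sigs = [("ops-a", approve("ops-a", req)), ("ops-b", approve("ops-b", req))]
    print(authorise_withdrawal(req, sigs))
```

Because approvals are bound to the canonical request bytes, an attacker who compromises one account, or even one signer's key, still cannot redirect funds to a new address or raise the amount after approval.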
It's essential to note that no security measure is foolproof. However, by adopting a multi-layered approach to security and continuously staying updated on the latest threats and mitigation techniques, crypto exchanges can significantly reduce their vulnerability. As the industry continues to evolve, the onus is on these platforms to prioritise user safety above all else.