
FTX Hacker Finally Making a Move

After FTX's monumental crash and a hacker's theft of hundreds of millions, the crypto world searched for answers, and just when the trail seemed cold, unexpected activity sparked from the suspected hacker's wallet.

First Published 5th October 2023


Cash moves everything around me.

5 min read  |  Reflare Research Team

Cash is king

When FTX, one of the prominent players in the cryptocurrency arena, experienced its seismic collapse, the crypto community was left in shock. On top of that, a hacker made away with hundreds of millions of dollars, leaving only digital footprints behind. The aftermath was characterised by disbelief, investigations, and a desperate hunt for answers. But for ten months it seemed the trail had gone cold. That is, until unexpected activity erupted in September 2023 from the wallet believed to belong to the hacker.

What is FTX?

FTX was a cryptocurrency exchange co-founded by MIT alumni Sam Bankman-Fried and Gary Wang in 2019. Unlike typical cryptocurrency firms, FTX was known for its dealings in crypto derivatives. Wang's engineering experience at Google combined with Bankman-Fried's background in ETF trading at a quantitative trading firm gave the company a solid foundation. Their strategic moves bore fruit as FTX's valuation skyrocketed, reaching a peak of $32 billion. Its U.S. branch, FTX US, was alone valued at $8 billion after a fundraising round in January 2022.

However, the fortunes of FTX changed drastically in November 2022. In a shocking announcement, Bankman-Fried stepped down as CEO and the company filed for Chapter 11 bankruptcy. Within roughly a week of the first public doubts about its balance sheet, FTX had crumbled. The sequence of events that led to this precipitous fall was a combination of internal mismanagement and external pressure.

Delving deeper into the collapse, it was evident that a severe liquidity crisis had engulfed FTX, centring on the FTT token and Bankman-Fried's other trading venture, Alameda Research. Reports revealed that as much as $10 billion of FTX customer funds had been diverted to Alameda. Because a significant chunk of Alameda's assets was tied up in the FTT token (an asset FTX itself had issued), this move proved catastrophic: once it became public, it spurred a massive wave of withdrawals from FTX and drove the firm into bankruptcy.

The situation was then made worse by the theft of roughly $323 million from the company's international exchange and an additional $90 million from its US platform in the hours after the bankruptcy filing.

It's time to move

The identity of the hacker, much like the exact modus operandi of the hack, had become the stuff of legend. Drawing on information shared by the CryptoPotato news platform, the first ripples were spotted when the hacker's wallet, dormant and holding assets worth more than $300 million, suddenly woke up. What's more, the wallet still retained a hefty 12.5K ETH even after the new activity.

On closer inspection, on-chain data showed a total of about $8 million being routed through the Railgun privacy protocol and the THORChain cross-chain swap network on 30 September 2023. The funds moved in two separate transfers of 2,500 ETH each, worth roughly $4 million apiece at the time.
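The movement described above is exactly the kind of event a blockchain-monitoring team wants an alert for: a watch-listed address that has been silent for months sending out equal-sized chunks into a privacy protocol. The following script is an added example (not code from the original article or from any tracing vendor) of that detection logic run over constructed transfer records. The addresses, labels and the watchlist are placeholders; a real deployment would populate them from a curated list of drainer addresses and from the contract addresses of known privacy protocols and bridges.

```python
"""Watchlist monitor for stolen-fund movements (added example, not from the
original article). Flags three patterns from the FTX case: a long-dormant
watch-listed address waking up, funds routed into a labelled privacy-protocol
or bridge contract, and outbound transfers split into equal-value chunks.
All addresses, labels and transfers below are constructed placeholders."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WEI = 10**18  # 1 ETH in wei


@dataclass(frozen=True)
class Transfer:
    tx_hash: str
    sender: str
    receiver: str
    value_wei: int
    timestamp: datetime


# Assumption: the analyst maintains a watchlist of drainer addresses and a label
# map for privacy-protocol / bridge router contracts. These are placeholders,
# not the real FTX-drainer, Railgun or THORChain addresses.
WATCHLIST = {"0xdrainer"}
LABELS = {"0xprivacyrouter": "privacy_protocol", "0xbridgerouter": "cross_chain_bridge"}


def analyse(transfers, watchlist=WATCHLIST, labels=LABELS,
            dormancy=timedelta(days=180), last_seen=None):
    """Return a list of (alert_type, tx_hashes) tuples.

    `last_seen` maps a watch-listed address to the timestamp of its previous
    outbound transfer, so a wake-up after `dormancy` can be detected."""
    last_seen = dict(last_seen or {})
    alerts = []
    outbound = defaultdict(list)  # sender -> its transfers, for split detection
    for t in sorted(transfers, key=lambda x: x.timestamp):
        if t.sender not in watchlist:
            continue
        prev = last_seen.get(t.sender)
        if prev is not None and t.timestamp - prev >= dormancy:
            alerts.append(("dormant_wakeup", t.tx_hash))
        last_seen[t.sender] = t.timestamp
        label = labels.get(t.receiver)
        if label:
            alerts.append((f"destination:{label}", t.tx_hash))
        outbound[t.sender].append(t)

    # Split pattern: two or more outbound transfers of identical value within 24h.
    for txs in outbound.values():
        by_value = defaultdict(list)
        for t in txs:
            by_value[t.value_wei].append(t)
        for group in by_value.values():
            if len(group) >= 2 and group[-1].timestamp - group[0].timestamp <= timedelta(hours=24):
                alerts.append(("equal_split", ",".join(t.tx_hash for t in group)))
    return alerts


def sample_transfers():
    """Constructed transfers mirroring the pattern in the article: two 2,500 ETH
    hops from the watched address into a privacy-protocol router on 30 Sept 2023,
    plus an unrelated transfer that must not trigger anything."""
    day = datetime(2023, 9, 30, tzinfo=timezone.utc)
    return [
        Transfer("0xtx1", "0xdrainer", "0xprivacyrouter", 2500 * WEI, day),
        Transfer("0xtx2", "0xdrainer", "0xprivacyrouter", 2500 * WEI, day + timedelta(hours=2)),
        Transfer("0xtx3", "0xsomeoneelse", "0xprivacyrouter", 10 * WEI, day),
    ]


# Constructed: the watched address last moved funds shortly after the November 2022 drain.
LAST_SEEN = {"0xdrainer": datetime(2022, 11, 12, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for alert in analyse(sample_transfers(), last_seen=LAST_SEEN):
        print(alert)
```

Note that the dormancy alert fires once, on the first transfer after the quiet period; subsequent transfers update `last_seen` and are covered by the destination and split alerts instead, which keeps an analyst from being paged repeatedly for one wake-up event.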

The staggering reality

The rise of cryptocurrencies promises a financial revolution, yet, as with all revolutions, there are pitfalls. Foremost among these in the crypto world are hacks of centralised cryptocurrency exchanges, often involving staggering sums. From the nascent days of Bitcoin to the proliferation of altcoins, security breaches have been a lingering menace. Recent estimates put annual losses from such hacks anywhere between $3 billion and $14 billion.

Centralised cryptocurrency exchanges, often likened to traditional banks, act as intermediaries for users wanting to trade or purchase cryptocurrencies. The irony here is palpable – a decentralised currency system yet heavily reliant on centralised platforms. And as we delve deeper into some of the most significant breaches, collated by RankFi, it becomes evident that even the giants in this arena are not invincible.

- Coincheck ($532M, 2018): The Tokyo-based Coincheck was once proud of its security. The loss of $532 million, almost entirely in NEM tokens, shattered that image. Attackers reportedly compromised employee machines with malware delivered by phishing and drained the exchange's NEM hot wallet, which was not protected by multisig. The silver lining was Coincheck's decision to refund all affected users in the aftermath.

- Mt. Gox ($480M, 2014): This Tokyo exchange was once the titan of Bitcoin trading, at its peak handling around 70% of all Bitcoin transactions worldwide. Yet it became a cautionary tale when roughly $480 million worth of Bitcoin went missing. Mt. Gox initially blamed Bitcoin's transaction-malleability bug; later analysis pointed to hot-wallet private keys that had been stolen years earlier, with the coins siphoned off gradually and unnoticed.

- FTX ($415M, 2022): Recent and still shrouded in mystery, the FTX breach has shocked the crypto world. Speculations are rife about the possibility of an inside job, and as investigations are underway, the crypto community remains on tenterhooks.

- KuCoin ($281M, 2020): The Singapore-based KuCoin's hack was another major blow to the crypto community, attributed by the exchange to leaked hot-wallet private keys. Most of the funds were recovered with help from other exchanges and token projects, and KuCoin's insurance fund covered the remainder.

- BitMart ($196M, 2021): A grim tale of stolen private keys and $196 million lost. Despite promises of refunds, BitMart users were left in the dark for a long time, underscoring the importance of transparency in crisis management.

- BitGrail ($146M, 2018): This breach stands out for its twist: BitGrail's own founder, referred to in reporting as F. F., is suspected of being behind the theft.

- Liquid ($97M, 2021): Yet another tale of a phishing exploit. Attackers breached Liquid's internal network and compromised its warm wallets, leading to substantial losses.

- AscendEx ($77M, 2021): The vulnerability of hot wallets was again exposed in this breach, reminding us of the dangers of online storage.

- Bitfinex ($71M, 2016): Despite its touted multi-signature wallet setup, Bitfinex fell prey to hackers. The saving grace came years later, with the 2022 arrests of the couple who laundered the funds and the recovery of most of the stolen bitcoin.

- Zaif ($60M, 2018): The delay in detecting the breach at Zaif resulted in significant losses. Thankfully, an acquisition led to full refunds for affected users.

- Binance ($40M, 2019): Last but not least, Binance's loss of 7,000 BTC, although covered by the exchange's emergency insurance fund, reiterated that hackers employ a plethora of techniques, from phishing to malware, making security a constant challenge.

Why crypto exchanges might be neglecting cybersecurity

While the security breaches outlined above are alarming, the root causes of such vulnerabilities extend beyond mere technical challenges. A key distinction between cryptocurrency exchanges and traditional financial platforms lies in the realm of regulation. Traditional financial institutions, such as banks and stock exchanges, are bound by stringent regulations and oversight that mandate rigorous security measures. These regulations are the product of decades, if not centuries, of financial evolution, lessons learned from past mistakes, and governments' obligations to protect their citizens' assets.

In contrast, the world of cryptocurrency, being relatively nascent, lacks the comprehensive regulatory framework that surrounds traditional financial systems. Many countries are still grappling with how to define, let alone regulate, cryptocurrencies. This regulatory void can lead to a laissez-faire attitude among some crypto exchanges, where the absence of clear legal mandates might mean that robust cybersecurity measures are viewed more as optional than obligatory.

Furthermore, the rapid growth and immense profitability of the cryptocurrency sector have led to a rush of exchanges setting up shop to capitalise on the booming market. In the hurry to capture market share and generate profits, some exchanges may cut corners on security or fail to invest adequately in cybersecurity infrastructure and expertise.

However, it's important to note that not all crypto exchanges are cavalier about security. Many of the industry's leading platforms have invested significantly in safeguarding their systems, often employing cutting-edge technologies and security experts to ensure the protection of their users' assets. But as long as there exists a disparity in regulatory expectations between traditional and crypto platforms, vulnerabilities may persist.

Best practices and innovative measures

The challenges facing crypto exchanges in terms of security are significant, but they are not insurmountable. As the industry matures, several best practices and innovative solutions have emerged to safeguard exchanges and their users. Here are some of the leading measures that crypto exchanges can adopt:

- Multi-Signature Wallets: One of the foundational measures for securing crypto assets is the use of multi-signature wallets. These require M of N private keys, held by different people or systems, to authorise a transaction, so an attacker who compromises fewer than M keys cannot move the funds.

- Cold and Hot Wallets: By storing the majority of funds in cold wallets (offline storage) and only a minimal amount in hot wallets (online storage), exchanges can significantly reduce their exposure to online hacks.

- Regular Security Audits: Exchanges should undergo frequent and comprehensive security audits by reputable third-party firms, so that vulnerabilities are identified and addressed before attackers find them.

- Advanced Authentication Protocols: Two-factor authentication (2FA) should be mandatory for all users. Additionally, exchanges can adopt biometric verification and phishing-resistant hardware security keys for added layers of protection.

- Employee Training: Many breaches occur due to human error or internal malfeasance. Regular training sessions can ensure that employees are aware of the latest security threats and best practices.

- Phishing Awareness: Exchanges should educate their users about the dangers of phishing attacks and provide guidelines on how to recognize and avoid suspicious communications.

- Encryption in Transit and at Rest: All data, especially sensitive user information and transaction details, should be encrypted both in transit and at rest.

- Withdrawal Whitelists: Allow users to set addresses that are whitelisted for withdrawals, with a cooling-off period before a newly added address becomes usable. This way, even if an account is compromised, funds can only be withdrawn to a pre-approved address, and an attacker who hijacks a session cannot simply add their own address and withdraw immediately.

- Threat Intelligence: Exchanges can work together to share information about potential threats, blacklisted addresses, and best practices. This collective approach can be especially effective against organised hacking groups.

- Insurance: While not a preventative measure, having an insurance policy can provide an additional layer of security and trust. In the event of a breach, insured exchanges can compensate their users, ensuring that they do not bear the brunt of any loss.
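Several of the controls above are policy checks that sit in front of the signing step, and they are only effective if none of them can be skipped. The following withdrawal guard is an added example (written for this page, not code from the original article or from any exchange) that chains them: mandatory TOTP 2FA computed per RFC 6238 from the standard library, a whitelist with a cooling-off period, a hot-wallet exposure cap that forces large balances to stay in cold storage, and a 2-of-N distinct-operator quorum for large amounts. The operator quorum stands in for the multi-signature wallet: it is an off-chain approval policy, not an on-chain multisig. Thresholds, names and the demo secret are assumptions for illustration.

```python
"""Withdrawal guard (added example, not the article's or any exchange's code).
Chains 2FA, whitelist cooling-off, hot-wallet cap and an operator quorum so a
single compromised account or single compromised key cannot drain funds.
Thresholds and names are illustrative assumptions."""
import base64
import hashlib
import hmac
import struct

ETH = 10**18

# RFC 6238 reference secret ("12345678901234567890" in base32); demo only.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def verify_totp(secret_b32: str, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step or +/- `window` adjacent steps, in constant time."""
    return any(hmac.compare_digest(totp(secret_b32, now + 30 * d), code)
               for d in range(-window, window + 1))


class WithdrawalGuard:
    COOLING_OFF = 24 * 3600      # new whitelist entries unusable for 24h (assumption)
    HOT_WALLET_CAP = 50 * ETH    # never keep more than 50 ETH online (assumption)
    QUORUM_ABOVE = 10 * ETH      # withdrawals above 10 ETH need operator sign-off
    QUORUM = 2                   # 2 distinct operators out of N

    def __init__(self, operators):
        self.operators = set(operators)
        self.whitelist = {}      # user -> {address: unix time added}
        self.totp_secret = {}    # user -> base32 TOTP secret
        self.hot_balance = 0     # wei currently exposed in the hot wallet

    def enrol(self, user, secret_b32):
        self.totp_secret[user] = secret_b32

    def add_address(self, user, address, now):
        """Whitelist an address; it only becomes usable after COOLING_OFF."""
        self.whitelist.setdefault(user, {})[address] = now

    def refill_from_cold(self, amount_wei):
        """Top up the hot wallet from cold storage, never above the cap."""
        if self.hot_balance + amount_wei > self.HOT_WALLET_CAP:
            raise ValueError("refill would exceed hot-wallet cap")
        self.hot_balance += amount_wei

    def withdraw(self, user, address, amount_wei, code, now, approvals=()):
        """Return (ok, reason). Every control is an explicit, ordered check so a
        failure is visible in logs rather than silently bypassed."""
        secret = self.totp_secret.get(user)
        if secret is None or not verify_totp(secret, code, now):
            return False, "2fa_failed"
        added = self.whitelist.get(user, {}).get(address)
        if added is None:
            return False, "address_not_whitelisted"
        if now - added < self.COOLING_OFF:
            return False, "address_in_cooling_off"
        if amount_wei > self.hot_balance:
            # Larger amounts need a separate, audited refill from cold storage.
            return False, "exceeds_hot_wallet_balance"
        if amount_wei > self.QUORUM_ABOVE:
            signers = {a for a in approvals if a in self.operators}  # duplicates collapse
            if len(signers) < self.QUORUM:
                return False, "insufficient_operator_approvals"
        self.hot_balance -= amount_wei
        return True, "ok"


if __name__ == "__main__":
    guard = WithdrawalGuard(["op_a", "op_b", "op_c"])
    guard.enrol("u1", DEMO_SECRET)
    guard.add_address("u1", "0xdest", now=0)
    guard.refill_from_cold(50 * ETH)
    t = 86400 + 59
    print(guard.withdraw("u1", "0xdest", 1 * ETH, totp(DEMO_SECRET, 59), 59))
    print(guard.withdraw("u1", "0xdest", 20 * ETH, totp(DEMO_SECRET, t), t, ("op_a", "op_a")))
    print(guard.withdraw("u1", "0xdest", 20 * ETH, totp(DEMO_SECRET, t), t, ("op_a", "op_b")))
```

Two design points are worth noting. The quorum counts distinct operators, so the same approver submitting twice does not satisfy it; and the hot-wallet check is against the actual online balance rather than a configured limit, which means a large theft is bounded by what is online at that moment regardless of how many controls upstream of it fail.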

It's essential to note that no security measure is foolproof. However, by adopting a multi-layered approach to security and continuously staying updated on the latest threats and mitigation techniques, crypto exchanges can significantly reduce their vulnerability. As the industry continues to evolve, the onus is on these platforms to prioritise user safety above all else.
