On-chain sleuth ZachXBT has shared his findings on what he sees because the three commonest misconceptions in regards to the FTX hack — taking to Twitter to right a “ton of misinformation” in regards to the occasion and the doable culprits.
In a prolonged Nov. 20 post on Twitter, the self-proclaimed “on-chain sleuth” debunked hypothesis that Bahamian officers had been behind the FTX hack, that exchanges knew the hacker’s true id, and that the wrongdoer is buying and selling memecoins.
1/ I’ve seen a ton of misinformation being unfold on Twitter and within the information in regards to the FTX occasion so let me debunk the three commonest issues I’ve seen
“Bahamian officers are behind the FTX hack”
“Exchanges know who the hacker is”
“FTX hacker is buying and selling meme cash” pic.twitter.com/IAtHnpJI44— ZachXBT (@zachxbt) November 20, 2022
On the identical day that FTX filed for chapter on Nov. 11, the crypto group started flagging suspicious transactions on wallets related to FTX, with greater than $650 million transferred off the pockets.
Whereas there was no official wrongdoer has been recognized, a Nov. 17 assertion from the Securities Fee of the Bahamas (SCB) that said it had ordered the switch of all digital property of FTX to a digital pockets owned by the fee round that point prompted some to consider the SCB was behind the supposed “hack.”
Nonetheless, ZachXBT argued that the “0x59” pockets deal with related to the hacker was a blackhat deal with and never affiliated with both the FTX crew or the SCB as a result of it “started promoting tokens for ETH, DAI, and BNB and utilizing quite a lot of bridges so crypto could not be frozen on 11/12.”
“The very fact 0x59 was dumping tokens and bridging sporadically was very completely different habits from the opposite addresses who withdrew from FTX and as an alternative despatched to a multisig on chains like Eth or Tron,” he added.
Zach additionally notes that the blackhat pockets additionally had contact with one other pockets, 0x24, which he suggests “has very [suspicious] habits on-chain utilizing sketchy companies.”
“This habits fully differs what was mentioned in regards to the Debtors transferring property to chilly storage or Bahamian authorities transferring property to Fireblocks.”
ZachXBT says his ultimate clue was the pockets deal with promoting Ether (ETH) for renBTC after which utilizing RenBridge, which he says will almost certainly finish with the funds being despatched to “a mixer in some unspecified time in the future sooner or later.”
Blockchain analytics agency Chainalysis got here to an analogous conclusion in a Nov. 20 post, noting that:
“Experiences that the funds stolen from FTX had been really despatched to the Securities Fee of The Bahamas are incorrect. Some funds had been stolen, and different funds had been despatched to the regulators.”
FTX has additionally commented on the current fund actions, posting a warning to exchanges “that sure funds transferred from FTX World and associated debtors with out authorization on 11/11/22 are being transferred to them by means of intermediate wallets.”
(2/2) Exchanges ought to take all measures to safe these funds to be returned to the chapter property.
— FTX (@FTX_Official) November 20, 2022
ZachXBT additionally highlighted the potential misinformation surrounding the declare the hacker’s id had been found by “Kraken or different exchanges.”
The rumor had been circulating since Kraken’s chief safety officer claimed in a Nov.12 post that“We all know the id of the consumer.”
Zach says “In actuality” the consumer recognized because the hacker was possible simply the FTX group securing property to a multi-signature pockets on Tron, utilizing Kraken because of the FTX scorching pockets being out of gasoline for transactions., stating:
“The withdrawals to those multisigs additionally matched what Ryne Miller (FTX GC) had mentioned on the time. This occurred hours after the preliminary 0x59 withdrawals.”
Associated: FTX funds on the transfer as thief converts 1000’s of ETH into Bitcoin
As his final level, ZachXBT took intention on the rumor that the FTX hacker is trading memecoins, which was first noted by blockchain analytics agency CertiK.
As a substitute, the blockchain detective claims the transfers have been “spoofed” on the Ethereum community, citing a March weblog by Etherscan group member, Harith Kamarul explaining how transactions will be faked.