FTX Attacker Moving Funds to Bitcoin (BTC) Mixer: Statistics
Reputable anonymous cryptocurrency analyst ZachXBT has tracked the path of Bitcoins (BTC) stolen from the now-defunct exchange FTX after its collapse. What is special about the mixing service used by the FTX hacker?
Bitcoins (BTC) from FTX are on run, ZachXBT says
In a recent tweet, analyst ZachXBT mentioned that the first batch of Bitcoins — 360 BTC — from the FTX hack are moved for laundering on ChipMixer, a mainstream Bitcoin (BTC) blender.
Update: FTX attacker has started using ChipMixer to launder the funds (so far ~360 BTC) https://t.co/xuiCaajnh8 https://t.co/qsSJs8d8OV
— ZachXBT (@zachxbt) November 25, 2022
Such services are used to obfuscate the ownership of cryptocurrencies. Typically, hackers leverage them to launder stolen funds and make it impossible for AML services to track them.
A large portion of the stolen Bitcoins (BTC) were moved through Ren Protocol (REN). In a report on the Chainabuse platform, ZachXBT shared the details of dozens of addresses on Bitcoin (BTC), Ethereum (ETH), Solana (SOL) and Polygon Network (MATIC) that are used by the FTX hacker.
As covered by U.Today previously, hackers drained $477 million in equivalent from FTX and its U.S. arm shortly after the bankruptcy of the exchange.
In a "peel chain" transaction pattern, Ethereums (ETH) from FTX are distributed between various addresses, CertiK cybersecurity analysts noticed.
U.S. government undercover operation?
Another prominent analyst @FatManTerra shared his theory about the ChipMixer service. He claims that it might be run by U.S. governmental agencies to crack Bitcoin (BTC) privacy and deanonymize transfers.
🧵 Today, I'm sharing my long-standing theory behind a US government covert operation designed to partially crack Bitcoin privacy and deanonymize transactions. I believe that popular Bitcoin mixer ChipMixer is actually a United States government honeypot. Here's why.
— FatMan (@FatManTerra) November 23, 2022
The analyst highlighted that despite the crackdown on Tornado Cash, ChipMixer still operates openly. Running such a centralized service is highly illegal. Meanwhile, its owners, whoever they might be, have a huge amount of information about the transactions.
By printing time, one of the most popular ChipMixer domains is labeled by MetaMask Phishing Detection as a website from CryptoScamDB. The service restricts access to ChipMixer as it can compromise visitors' security.