Main navigation

FTX Attacker Moving Funds to Bitcoin (BTC) Mixer: Statistics

Sat, 11/26/2022 - 15:36
article image
Vladislav Sopov
360 Bitcoins (BTC) or over $6 million in equivalent being laundered through ChipMixer
FTX Attacker Moving Funds to Bitcoin (BTC) Mixer: Statistics
Cover image via
Read U.TODAY on
Google News

Reputable anonymous cryptocurrency analyst ZachXBT has tracked the path of Bitcoins (BTC) stolen from the now-defunct exchange FTX after its collapse. What is special about the mixing service used by the FTX hacker?

Bitcoins (BTC) from FTX are on run, ZachXBT says

In a recent tweet, analyst ZachXBT mentioned that the first batch of Bitcoins — 360 BTC — from the FTX hack are moved for laundering on ChipMixer, a mainstream Bitcoin (BTC) blender.

Such services are used to obfuscate the ownership of cryptocurrencies. Typically, hackers leverage them to launder stolen funds and make it impossible for AML services to track them.

A large portion of the stolen Bitcoins (BTC) were moved through Ren Protocol (REN). In a report on the Chainabuse platform, ZachXBT shared the details of dozens of addresses on Bitcoin (BTC), Ethereum (ETH), Solana (SOL) and Polygon Network (MATIC) that are used by the FTX hacker.

As covered by U.Today previously, hackers drained $477 million in equivalent from FTX and its U.S. arm shortly after the bankruptcy of the exchange.

FTX Hacker Moves $199 Million Worth of Ethereum (ETH) to Different Wallets

In a "peel chain" transaction pattern, Ethereums (ETH) from FTX are distributed between various addresses, CertiK cybersecurity analysts noticed.

U.S. government undercover operation?

Another prominent analyst @FatManTerra shared his theory about the ChipMixer service. He claims that it might be run by U.S. governmental agencies to crack Bitcoin (BTC) privacy and deanonymize transfers.

The analyst highlighted that despite the crackdown on Tornado Cash, ChipMixer still operates openly. Running such a centralized service is highly illegal. Meanwhile, its owners, whoever they might be, have a huge amount of information about the transactions.

By printing time, one of the most popular ChipMixer domains is labeled by MetaMask Phishing Detection as a website from CryptoScamDB. The service restricts access to ChipMixer as it can compromise visitors' security.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)