Exchange Watch

FTX Hacker Still Draining Exchange Wallets. Analyst Calls It On-Chain Spoofing


The FTX hacker managed to steal $477 million out of the $650 million moved on-chain on Nov.11 and currently holds $62 million in total assets.

The FTX hacker that drained over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continues to drain assets from the exchange, four days after the hack was first flagged.

Crypto analytic firm Certik in a Tweet noted that the hacker wallet is still draining crypto assets from the wallets associated with the FTX and FTX.US. The FTX hacker wallet currently holds $62 million worth of assets.

Since Nov. 12 the hacker wallet has received and swapped 3.2 billion meme tokens and sent 2.8 billion of these tokens to popular addresses. These meme tokens mostly comprised profanity tokens such as FTX Sucks, F*ck FTX, CRO Next and more.

Meme tokens sent and received by FTX exploit address. Source: Certik

A crypto analyst who goes by the Twitter name of ZachXBT claimed the recent movement of funds is just on-chain token spoofing. The analyst claimed that Etherscan transfer logs can be spoofed and the recent movement of funds in the FTX hack saga is one example of that.

The ERC-20 standard transfer and transferFrom functions can be modified to allow any arbitrary address to be the sender of tokens, as long as this is specified within the smart contract, resulting in a token being transferred from a different address than the one that initiated the transaction.

Stay in the know on crypto by frequently visiting Crypto News Today

These tokens can be sent to any address and then sent out of that address (to any other address), without the address owner having any control of those tokens. If you open the transaction and see “sent from,” it will show a different address.

As Cointelegraph reported on Nov, 12, the hack was flagged right after FTX announced bankruptcy. At the time, out of the $663 million drained, around $477 million were suspected to be stolen, while the remainder is believed to be moved into secure storage by FTX themselves.

The wallet owner was found swapping $26 million Tether (USDT) to Dai (DAI) via 1inclh and approved Pax Dollar (USDP) — a Paxos-issued stablecoin — for trade on CoW Protocol. The wallet also approved transfers and sales of other cryptocurrencies, including Chainlink (LINK), Compound USDT (cUSDT) and Staked Ether (stETH).

The fact that hackers managed to drain assets from FTX global and FTX.US at the same time, despite these two entities being completely independent, became a hot topic of discussion raising speculations about it being an insid job

Certik’s director of security operations Hugh Brooks told Cointelegraph that on-chain evidence points strongly toward that possibility:

“Sticking to onchain evidence, unless there was a private key compromise (of which there is no evidence of at current) then we can’t rule out that someone with access to the FTX Exchange and FTX US wallets moved the funds into the black hat wallets”

Kraken’s chief security officer Nick Percoco later Tweeted that they were aware of the user’s identity but did not share any more information publicly. Certik told Cointelegraph that Percoco might be referring to the white hack involved in moving the funds to cold wallets.

Please Read Essential Disclaimer Information Here.
© 2024 Crypto Caster provides information. does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.

Contribute to CryptoCaster℠ Via Metamask or favorite wallet. Send Coin/Token to Addresses Provided Below.
Thank you!
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
MATIC – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
LITECOIN – ltc1qxsgp5fykl0007hnwgl93zr9vngwd2jxwlddvqt

You may also like