The perpetrator of one of many largest exploits in crypto historical past is swapping tons of of hundreds of thousands in ether for bitcoin. Why?

The crypto change FTX and Alameda Analysis confronted its downfall in November 2022. Amid the chaos of the collapse, an unknown attacker managed to steal upwards of $500 million in digital property. On the time of the assault, the funds had been unfold between over a dozen ancillary addresses. There, they remained largely dormant till final week. 

The attacker started transferring sums of ether (ETH) to new addresses beginning on Sept. 30. The vast majority of these funds have since been used on the cross-blockchain liquidity protocol ThorSwap to change native ETH for native bitcoin (BTC).

ThorSwap introduced Friday morning that it had “transitioned the interface into upkeep mode” till a “extra everlasting and sturdy answer could be carried out.” In response, the FTX attacker started leveraging Threshold Community to proceed to switch funds between ETH and BTC. A complete of $125 million had been swapped as of Friday, per analyst Lookonchain. The swaps look like ongoing. 

The habits is considerably uncommon for an attacker. Historically, one of many first strikes is to switch funds in a way that obfuscates the on-chain path. Strategies usually embrace utilizing mixers like Twister Money or cross-chain bridges just like the now-defunct Ren, which inadvertently act as mixers.

ThorSwap, in contrast, is absolutely public, and even armchair analysts can monitor the funds swapped between the chains. This has left some query as to why the attacker would hassle with the swaps. 


Nevertheless, in keeping with quite a few safety consultants that Blockworks spoke with, swapping between chains may present the attacker with an a variety of benefits. 

The primary? Liquidity.

“There’s much more liquidity in mixers on the BTC chain than on Ethereum as of late,” 5 I’s founder Nick Bax advised Blockworks. 

Since being added to the OFAC Specifically Designated Nationals record, the once-popular Twister Money mixer has seen a decline in exercise. As of June, it’s processing simply $6 million in deposits and withdrawals per day, in keeping with a Dune Analytics dashboard. Whereas there are nonetheless different privateness instruments on Ethereum, akin to Railgun, they merely lack the mandatory liquidity to obfuscate the massive sums the attacker stole. 

“While you ship numerous liquidity right into a mixer, the mixer begins to offer you again your individual liquidity – if the mixer doesn’t have liquidity, it is going to simply provide you with again soiled cash immediately,” defined Igor Information, CEO of BLIN.Company. 

Other than opening up new avenues for cleansing soiled funds, swapping of chains creates complications for investigators, says BLIN’s Information. 

Whereas probabilistic algorithms, statistical evaluation, and AI will help investigators monitor funds by way of mixers, there’s a excessive deal of guide work concerned and switching between chains provides complexity, even when there’s relative transparency.

In the end, it creates disproportionate work between the hunter and the hunted. 

“The chasing social gathering has to place rather more effort than the blending social gathering. In two years or 5 years it could be tracked anyway, however the objective of the perpetrator is to win time,” Information concluded.

Don’t miss the subsequent huge story – be part of our free each day e-newsletter.

Observe Sam Bankman-Fried’s trial with the newest information from the courtroom

Supply hyperlink


Please enter your comment!
Please enter your name here