In recent months cryptocurrencies have suffered massive fluctuations in value as the usually stable leader Bitcoin value has dropped below $US17,000 ($F37,836) from an alltime high of $US68,000 ($F151,345) just over a year ago.
Part of this is attributed to the war in Ukraine and other geopolitics as large countries such as China, India and others have moved to regulate, restrict and even ban the use of Bitcoin and Bitcoin mining.
This seems like a typical knee jerk reaction by governments to things you can’t monitor, control or more importantly tax! As a Wired.com article recently reported cryptocurrency, with its aura of anonymity, has always offered a strange mix of temptations and challenges for anyone trying to steal it.
As digital cash, held in multibillion-dollar sums on hackable, internet-connected networks, it presents a lucrative target. But once it’s stolen, the blockchains that almost every cryptocurrency is built on make it possible to follow that money’s every movement and, very often, to identify the thieves.
So after a massive heist pulled nearly half a billion dollars’ worth of funds out of the already collapsing FTX cryptocurrency exchange recently, the world’s crypto tracers are now closely tracking where that loot ends up – and looking for any clues that reveal the thief to be an FTX insider or just an opportunistic hacker.
Last week, just hours after the major cryptocurrency exchange FTX had filed for bankruptcy in the wake of its epic, 10-figure collapse, FTX’s remaining funds were drained of more than $US663 million ($F1.4b) worth of cryptocurrency, much of which appears to have been stolen.
“FTX has been hacked,” wrote an administrator in FTX’s Telegram channel.
“FTX apps are malware. Delete them.” Exactly how FTX might have been breached – and whether its apps are, in fact, compromised – is far from clear, and FTX hasn’t officially announced any theft.
But the company’s US general counsel wrote in a tweet that “unauthorised access to certain assets has occurred”.
Soon, the crypto-tracing and blockchain analysis firm Elliptic revealed that the $US663 million outflow seemed to be a combination of FTX’s movement of coins into its own storage wallets and a mysterious theft.
According to Elliptic, fully $US477 million ($F1.06b) of the funds appear to have been stolen, though another crypto-tracing firm, TRM Labs, puts the number at $338 million.
Twenty-four hours after the theft, most of that money had moved into just a handful of cryptocurrency addresses – where the entire cryptotracing industry, a vast community of amateur crypto sleuths, and no doubt law enforcement agencies around the globe are now all watching it with an unblinking gaze.
That observability, for the FTX funds and for other stashes of stolen crypto, presents a serious challenge for any thief trying to cash out their haul into traditional (fiat) currency.
In this case, where regulators and an army of aggrieved creditors are looking for any sign that FTX’s staff or owners may themselves be the culprits, it could ultimately help confirm that insiders were responsible for the theft – or instead show that external hackers took advantage of the chaos at FTX to pull off a burglary.
“We’re definitely watching the movements of these funds,” says Chris Janczewski, the head of investigations at TRM Labs and a former special agent at the IRS’s criminal investigations division.
“This potential thief has hundreds of millions of dollars. But it’s like they went into a bank, took as much cash as they could carry, and then the dye packs went off. They’ve got all this money, but now everyone knows it’s connected to this bank robbery. What can you actually do with it?”
According to Elliptic’s analysis, at least $220 million of funds stolen in the form of a variety of cryptocurrencies were quickly traded through decentralised exchanges – trading platforms that allow users to swap coins without giving identifying information – to convert them into the cryptocurrencies ether and dai.
But cashing out those coins and the rest of the stolen loot will likely require trading it on a centralised exchange, which almost always requires users to hand over identifying information.
The thieves may try to put the money through a “mixing” service that launders the coins by blending them with those of other users. But cryptotracing blockchain analysts have proven they can often defeat those mixers – particularly when users are feeding very large sums into them.
And some mixers, like the Tornado Cash service that was sanctioned by the US Treasury in August, render cryptocurrency untouchable for many exchanges or vulnerable to seizure.
That means it will be very difficult for the thieves to abscond with their profits in a spendable form without being identified, says Michelle Lai, a cryptocurrency privacy advocate, investor, and consultant who says she’s been tracking the movements of the stolen FTX funds with “morbid fascination.”
But the real question, Lai says, is whether identifying the thieves will offer any recourse: After all, many of the most prolific cryptocurrency thieves are Russians or North Koreans operating in nonextradition countries, beyond the reach of Western law enforcement.
“It’s not a question of whether they’ll know who did it. It’s whether it will be actionable,” says Lai.
“Whether they’re onshore.”
The looting of FTX – whether the theft totals $338 million or $477 million – hardly represents an unprecedented haul in the world of cryptocurrency crime.
In the late-March hack of the Ronin bridge, a gaming cryptocurrency exchange, North Korean thieves took $US540 million ($F1.2b).
And earlier this year, cryptocurrency tracing led to the bust of a New York couple accused of laundering $US4.5 billion ($F10b) in cryptocurrency!
But in the case of the high-profile FTX theft and the exchange’s overall collapse, tracing the errant funds might help put to rest – or confirm – swirling suspicions that someone within FTX was responsible for the theft.
The company’s Bahamas-based CEO, Sam Bankman-Fried, who resigned last Friday, lost virtually his entire $US16b ($F35.6b) fortune in the collapse.
According to an unconfirmed report from Coin- Telegraph, he and two other FTX executives are “under supervision” in the Bahamas, preventing them from leaving the country.
Reuters also reported late last week that Bankman-Fried possessed a “back door” that was built into FTX’s compliance system, allowing him to withdraw funds without alerting others at the company.
Despite those suspicions, TRM Labs’ Janczewski points out that the chaos of FTX’s meltdown might have provided an opportunity for hackers to exploit panicked employees and trick them into, say, clicking on a phishing email.
Or, as Michelle Lai notes, bankrupted insider employees might have collaborated with hackers as a means to recover some of their own lost assets.
As the questions mount over whether – or to what degree – FTX’s own management might be responsible for the theft, the case has begun to resemble, more than any recent crypto heist, a very old one: the theft of a half billion dollars’ worth of Bitcoins, discovered in 2014, from Mt. Gox, the first cryptocurrency exchange.
In that case, blockchain analysis carried out by cryptocurrency tracing firm Chainalysis, along with law enforcement, helped to pin the theft on external hackers rather than Mt. Gox’s own staff.
Eventually, Alexander Vinnik, a Russian man, was arrested in Greece in 2017 and later convicted of laundering the stolen Mt. Gox funds, exonerating Mt. Gox’s embattled executives. Whether history will repeat itself, and cryptocurrency tracing will prove the innocence of FTX’s staff, remains far from clear.
But as more eyes than ever scour the cryptocurrency economy’s blockchains, it’s a surer bet that the whodunit behind the FTX theft will, sooner or later, produce an answer. It certainly provides all the spicy ingredients for a great Hollywood blockbuster movie!
As some financial expert observed: “At its core, Bitcoin is a smart currency, designed by very forward-thinking engineers. It eliminates the need for banks, gets rid of credit card fees, currency exchange fees, money transfer fees, and reduces the need for lawyers in transitions… all good things. “ God bless and stay safe in both digital and physical worlds this weekend.
• ILAITIA B. TUISAWAU is a private cybersecurity consultant. The views expressed in this article are his and are not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@ cyberbati.com