Are you curious how the FTX Accounts Drainer (aka the “hacker”) drained funds but need help navigating Etherscan? In today’s feature, you will learn the transactions’ ins and outs, and Etherscan links will be provided for your hands-on practice.
1. All hacked funds (mostly altcoins) were consolidated into one address —0x59abf3837fa962d6853b4cc0a19513aa031fd32b. This address is now tagged as the “FTX Accounts Drainer”.
https://etherscan.io/address/0x59abf3837fa962d6853b4cc0a19513aa031fd32b
Transaction records:
https://etherscan.io/tokentxns?a=0x59abf3837fa962d6853b4cc0a19513aa031fd32b&p=16
https://etherscan.io/tokentxns?a=0x59abf3837fa962d6853b4cc0a19513aa031fd32b&p=17
Below is what we call a spoofed token in the Ethereum network, simply ignore all these transations. FTX Accounts Drainer himself did not create the ‘spoofing’ token smart contract, and so did the following transaction. The transfer functions of the smart contract can be modified to allow any arbitrary address to be the token's sender, making the transactions seem legit. Fake transaction records:
2. FTX Accounts Drainer started to swap all the hacked altcoins into ETH. Check out the Uniswap (UNI) transaction; for example, a total of 8003 + 2104 + 5475 = 15,582 ETH was swapped from UNI using CoW Protocol and Uniswap.
https://etherscan.io/tx/0xc5475d0026b74e567ba9fe6b2301e8c8760bcc27670a3fe3e5c984fb3568d153
Other altcoins transactions:
3. Regarding the Paxos Gold (PAXG) transactions, it seems Uniswap only allows swapping a maximum of 1,000 PAXG per transaction. PAXG transfer comes with 0.2% on-chain transaction fees; that’s why a 0.2 PAXG transaction follows suit.
After swapping a large portion of PAXG, FTX Accounts Drainer’s wallet was finally frozen and unable to swap anymore. There is still $14.25M worth of PAXG left in the wallet.
4. Two days later, FTX Accounts Drainer began to move all the hacked funds into this wallet.
5. Sitting still for a few days, the funds started moving out to 2 wallets on 20th November.
0x866EeEcd1F248d1a0a2e0263F13594a6B8B7c01A – 50,000 ETH (Now left with 9.72ETH)
https://etherscan.io/address/0x866eeecd1f248d1a0a2e0263f13594a6b8b7c01a
0x8059c2B8fF915eC4B615c95e719861f269d68aDa - 15,000 ETH (Now left with 0.95ETH)
https://etherscan.io/address/0x8059c2b8ff915ec4b615c95e719861f269d68ada
All the ETH was swapped for renBTC, one of the ERC-20 bitcoins that live on the Ethereum blockchain. Coincidentally, renBTC was somehow linked to the now-bankrupt Alameda Research. The hacked funds were bridged to the Bitcoin mainnet.
ETH:
https://etherscan.io/tx/0xfcad8bcf21dbf045919655b0fbfdf2fe383d1c3360368c19f575505f5718473a
BTC:
https://www.blockchain.com/btc/address/bc1qaq09p8qy97pf9rhnwtxvj7htqhmyejvv6n0702?page=4
The large sum of bitcoin was split into multiple addresses using a money laundering technique known as “peel chain”.
https://www.blockchain.com/btc/address/bc1qaq09p8qy97pf9rhnwtxvj7htqhmyejvv6n0702?page=2
Illustration of peel chain
Last but not least, FTX Accounts Drainer distributed the funds into 12 different addresses with 15,000 ETH each, a total of 180,000 ETH (~$196M).
A Nansen Portfolio of these wallets is created for your perusal: https://portfolio.nansen.ai/dashboard/APE-K8TA65
ETH’s price has continued falling since the first sale on 20th November. The 180,000ETH is like the ticking time bomb that haunted all crypto investors, but sadly, there isn’t anything we can do now to stop this madness.
The founder of Binance, Zhao Changpeng (CZ), recently resigned and pleaded guilty to violating the Banking Secrecy Act. Despite posting a $175 million bail, CZ remains in the United States.
JoyWall Street Memes swiftly responds to a Discord cyber attack by launching the Discord Hack Relief Fund, airdropping $46,000 in $WSM tokens to compensate victims. Those submitting claims by November 17 receive a 1:1 refund for compromised wallet funds, with the community expressing gratitude on Telegram. The team also introduces the Wall Street Memes Casino Loyalty Program and teases the upcoming Wall Street Casino Affiliate Program, set to launch next week.
JixuExploring the aftermath of Nigeria's $246,153 crypto theft: arrests, recovery efforts, and the broader implications in the digital sphere.
Hui XinAmidst escalating legal tensions, former Binance CEO Changpeng "CZ" Zhao fights against the US government's efforts to impede his return to the UAE.
Hui XinBRICS nations are spearheading a strategic de-dollarisation movement, challenging the long-standing dominance of the US dollar in global trade and signalling a transformative shift in the traditional financial order.
JasperFormer SEC Chair Jay Clayton's surprising endorsement of cryptocurrency, despite past legal clashes with Ripple, prompts Ripple CEO Brad Garlinghouse to question the sincerity of Clayton's newfound support, raising concerns about potential inconsistencies in his evolving stance.
JasperThe move follows the Japanese government's recent revision of the Payment Services Act on June 3, 2023, which aims to regulate stablecoins.
DavinKimsuky, a North Korean hacking group, employs tactics to target South Korean officials in a cryptocurrency theft scheme, prompting a surge in cybersecurity measures.
Hui XinNorse Atlantic Airways takes a bold step towards greener skies, leveraging AI robots for aircraft maintenance to reduce fuel consumption, recycle glycol, and expedite inspections by 90%.
JasperThe Japanese National Tax Agency (NTA) reveals an increase in crypto tax violations, with 548 cases identified out of 615 inquiries in the fiscal year 2022. Although the average undeclared income per case dropped to $206,000, the cumulative value rose to $126.5 million, prompting calls for tax system reforms in Japan amid criticisms of the current structure's impact on firms holding coins.
Jixu