Block Scholes
Block Scholes 2 minutes reading from Bitcoin

FFTX Hackers on-Chain Activities

In the wake of the FTXbankruptcy and subsequent insolvency, nearly 500M of user assets were drained from the exchange's hot wallets and sequestered across the BTC and ETH blockchains.


Block Scholes on LinkedIn: FTX Hack Big Keychain, Small Blockchain

Without a link to an off-chain identity, we analysed the hackers on chain activities and took note the times of their outgoing transactions

Including all transactions does not show a clear pattern

However, not all of these transactions are the same.

The hacker sent fake ERC20 tokens to multiple addresses such as FTX and FTX US, possibly to hide their on chain timestamps with automated transactions.

Filtering those tokens, a clearly discernible pattern emerges in the hacker’s on-chain activities, with their most active hours occurring during 00:00 -16:00 UTC

These charts are not necessarily indicative of the attacker's location but instead highlight a pattern in their behaviour. A change in their transaction patterns could indicate either further automation of transactions or a physical change in the attacker’s location.

This post is based on this twitter thread.


Please login to comment.