On-chain sleuth ZachXBT has shared his findings on what he sees because the three most typical misconceptions concerning the FTX hack — taking to Twitter to right a “ton of misinformation” concerning the occasion and the potential culprits.
In a prolonged Nov. 20 submit on Twitter, the self-proclaimed “on-chain sleuth” debunked hypothesis that Bahamian officers have been behind the FTX hack, that exchanges knew the hacker’s true id, and that the offender is buying and selling memecoins.
1/ I’ve seen a ton of misinformation being unfold on Twitter and within the information concerning the FTX occasion so let me debunk the three most typical issues I’ve seen
“Bahamian officials are behind the FTX hack”
“Exchanges know who the hacker is”
“FTX hacker is trading meme coins” pic.twitter.com/IAtHnpJI44
— ZachXBT (@zachxbt) November 20, 2022
On the identical day that FTX filed for chapter on Nov. 11, the crypto group started flagging suspicious transactions on wallets related to FTX, with greater than $650 million transferred off the pockets.
While there was no official offender has been recognized, a Nov. 17 assertion from the Securities Commission of the Bahamas (SCB) that acknowledged it had ordered the switch of all digital property of FTX to a digital pockets owned by the fee round that point prompted some to consider the SCB was behind the supposed “hack.”
However, ZachXBT argued that the “0x59” pockets tackle related to the hacker was a blackhat tackle and never affiliated with both the FTX group or the SCB as a result of it “started promoting tokens for ETH, DAI, and BNB and utilizing a wide range of bridges so crypto could not be frozen on 11/12.”
“The truth 0x59 was dumping tokens and bridging sporadically was very completely different conduct from the opposite addresses who withdrew from FTX and as a substitute despatched to a multisig on chains like Eth or Tron,” he added.
Zach additionally notes that the blackhat pockets additionally had contact with one other pockets, 0x24, which he suggests “has very [suspicious] conduct on-chain utilizing sketchy providers.”
“This conduct utterly differs what was stated concerning the Debtors shifting property to chilly storage or Bahamian authorities shifting property to Fireblocks.”
ZachXBT says his closing clue was the pockets tackle promoting Ether (ETH) for renBTC after which utilizing RenBridge, which he says will most definitely finish with the funds being despatched to “a mixer in some unspecified time in the future sooner or later.”
Blockchain analytics agency Chainalysis got here to the same conclusion in a Nov. 20 submit, noting that:
“Reports that the funds stolen from FTX have been truly despatched to the Securities Commission of The Bahamas are incorrect. Some funds have been stolen, and different funds have been despatched to the regulators.”
FTX has additionally commented on the current fund actions, posting a warning to exchanges “that sure funds transferred from FTX Global and associated debtors with out authorization on 11/11/22 are being transferred to them by intermediate wallets.”
(2/2) Exchanges ought to take all measures to safe these funds to be returned to the chapter property.
— FTX (@FTX_Official) November 20, 2022
ZachXBT additionally highlighted the potential misinformation surrounding the declare the hacker’s id had been found by “Kraken or different exchanges.”
The rumor had been circulating since Kraken’s chief safety officer claimed in a Nov.12 submit that“We know the identity of the user.”
Zach says “In actuality” the person recognized because the hacker was doubtless simply the FTX group securing property to a multi-signature pockets on Tron, utilizing Kraken as a result of FTX scorching pockets being out of gasoline for transactions., stating:
“The withdrawals to those multisigs additionally matched what Ryne Miller (FTX GC) had stated on the time. This passed off hours after the preliminary 0x59 withdrawals.”
Related: FTX funds on the transfer as thief converts hundreds of ETH into Bitcoin
As his final level, ZachXBT took intention on the rumor that the FTX hacker is buying and selling memecoins, which was first famous by blockchain analytics agency CertiK.
Instead, the blockchain detective claims the transfers have been “spoofed” on the Ethereum community, citing a March weblog by Etherscan group member, Harith Kamarul explaining how transactions will be faked.
I have read your article carefully and I agree with you very much. So, do you allow me to do this?