Crypto sleuth debunks 3 biggest misconceptions about the FTX hack

On-chain sleuth ZachXBT has shared his findings connected what helium sees arsenic the 3 astir communal misconceptions astir the FTX hack — taking to Twitter to close a "ton of misinformation" astir the lawsuit and the imaginable culprits. 

In a lengthy Nov. 20 post connected Twitter, the self-proclaimed “on-chain sleuth” debunked speculation that Bahamian officials were behind the FTX hack, that exchanges knew the hacker's existent identity, and that the culprit is trading memecoins.

— ZachXBT (@zachxbt) November 20, 2022

On the aforesaid time that FTX's filed for bankruptcy connected Nov. 11, the crypto assemblage began flagging suspicious transactions connected wallets associated with FTX, with much than $650 cardinal transferred disconnected the wallet. 

While determination was nary authoritative culprit has been identified, a Nov. 17 connection from the Securities Commission of the Bahamas (SCB) that stated it had ordered the transportation of each integer assets of FTX to a integer wallet owned by the committee astir that clip prompted immoderate to judge the SCB was down the expected "hack." 

However, ZachXBT argued that the “0x59” wallet code associated with the hacker was a blackhat code and not affiliated with either the FTX squad oregon the SCB due to the fact that it "began selling tokens for ETH, DAI, and BNB and utilizing a assortment of bridges truthful crypto couldn't beryllium frozen connected 11/12."

"The information 0x59 was dumping tokens and bridging sporadically was precise antithetic behaviour from the different addresses who withdrew from FTX and alternatively sent to a multisig connected chains similar Eth oregon Tron,” helium added.

Zach besides notes that the blackhat wallet besides had interaction with different wallet, 0x24, which helium suggests "has precise [suspicious] behaviour on-chain utilizing sketchy services."

"This behaviour wholly differs what was said astir the Debtors moving assets to acold retention oregon Bahamian authorities moving assets to Fireblocks."

ZachXBT says his last hint was the wallet code selling Ether (ETH) for renBTC and then utilizing RenBridge, which helium says volition astir apt extremity with the funds being sent to "a mixer astatine immoderate constituent successful the future."

Blockchain analytics steadfast Chainalysis came to a akin decision successful a Nov. 20 post, noting that:

"Reports that the funds stolen from FTX were really sent to the Securities Commission of The Bahamas are incorrect. Some funds were stolen, and different funds were sent to the regulators."

FTX has besides commented connected the caller money movements, posting a informing to exchanges "that definite funds transferred from FTX Global and related debtors without authorization connected 11/11/22 are being transferred to them done intermediate wallets."

(2/2) Exchanges should instrumentality each measures to unafraid these funds to beryllium returned to the bankruptcy estate.

— FTX (@FTX_Official) November 20, 2022

ZachXBT besides highlighted the imaginable misinformation surrounding the assertion the hacker's individuality had been discovered by "Kraken oregon different exchanges."

The rumor had been circulating since Kraken's main information serviceman claimed successful a Nov.12 post that“We cognize the individuality of the user.”

Zach says "In reality" the idiosyncratic identified arsenic the hacker was apt conscionable the FTX radical securing assets to a multi-signature wallet connected Tron, utilizing Kraken owed to the FTX blistery wallet being retired of state for transactions., stating: 

"The withdrawals to these multisigs besides matched what Ryne Miller (FTX GC) had said astatine the time. This took spot hours aft the archetypal 0x59 withdrawals."

Related: FTX funds connected the determination arsenic thief converts thousands of ETH into Bitcoin

As his past point, ZachXBT took purpose astatine the rumor that the FTX hacker is trading memecoins, which was archetypal noted by blockchain analytics steadfast CertiK.

Instead, the blockchain detective claims the transfers person been "spoofed" connected the Ethereum network, citing a March blog by Etherscan assemblage member, Harith Kamarul explaining however transactions tin beryllium faked.