According to on-chain tracking, dormant wallet addresses associated with last December’s FTX hack have suddenly sprung to life, shuffling around millions in stolen Ethereum. The reason for the unexpected activity is unclear, but it serves as a stark reminder that the perpetrator behind the brazen FTX theft remains at large and unafraid to access their plunder.
What you'll learn 👉
Hacker Wallet Springs Back to Life
According to on-chain data aggregators like Wu Blockchain and Spot on Chain, the wallet address associated with the FTX hacker – 0x3e957 – has become active again starting September 30th, 2022.
On that day, the hacker wallet moved 2,500 ETH ($4.2 million at current prices) to new addresses – the first activity observed from this wallet since the FTX debacle last December. In total, this address still controls 12,500 ETH leftover from the exploit.
Millions in ETH On the Move
Over the next 24 hours, the hacker continued transferring funds in larger amounts. An additional 2,500 ETH was moved, bringing the total transfers to 5,000 ETH ($8.4 million).
Across all associated wallet addresses, the FTX hacker still holds 180,735 ETH, worth over $302.5 million as of October 1st.
According to on-chain forensics, the hacker sent 10,250 ETH through 5 different wallets in the past day. Of that amount, 7,749 ETH was bridged to the Thorchain decentralized exchange to swap for other assets. Another 2,500 ETH was traded for 153.4 tBTC (valued at around $5.1 million).
While the hacker appears to be cashing out or laundering some proceeds, a majority of funds remain untouched in the original wallets. The renewed activity may signal an attempt to cash out or mix these holdings before authorities can recover them.
Here are some potential effects or implications of the FTX hacker moving their funds:
- Cashing Out – The hacker may be trying to cash out some of their proceeds from the exploit before authorities can recover the funds. Moving to exchanges allows them to trade the ETH for fiat or more privacy-focused cryptocurrencies.
- Money Laundering – By bridging assets to DEXs like Thorchain and repeatedly trading and moving funds, the hacker can effectively “launder” the stolen ETH to cover their tracks and obscure the money trail. This makes it harder for investigators to trace the funds.
- Preparing for On-Chain Forensics – The hacker may be consolidating funds and moving them around to get ahead of impending on-chain analysis. By shuffling funds now, it creates a complex web of transactions that makes future tracking of the hacker’s wallets more difficult.
- Impact on ETH Price – Large amounts of ETH being sold on exchanges could potentially depress ETH’s price in the short-term as the hacker liquidates their holdings. However, the overall market impact may be limited.
- Renewed Scrutiny of FTX Collapse – The movement of hacker funds brings the FTX debacle back into the spotlight months later. It may spur investigators and lawyers to ramp up efforts to trace the stolen funds before they disappear.
- Warning to Crypto Industry – The ability of the funds to sit for almost a year before being moved shows exploits can go unpunished if crypto firms don’t proactively monitor hacker wallets and have a plan to seize funds. More diligence may be needed to prevent this in the future.
We recommend eToro
Wide range of assets: cryptocurrencies alongside other investment products such as stocks and ETFs.
Copy trading: allows users to copy the trades of leading traders, for free.
User-friendly: eToro’s web-based platform and mobile app are user-friendly and easy to navigate.