(Commonwealth Union)_The troubled cryptocurrency exchange FTX was hacked for $400 million over the weekend, and at least one blockchain expert believes the evidence points to a high-level insider who made an amateur mistake that may have unwittingly revealed their name. Dyma Budorin, co-founder and CEO of blockchain security auditing firm Hacken, stated Monday in an interview with CoinDesk TV that the attacker “had access to all the cold wallet storages which he exploited”.
Hacken studied blockchain transactions and discovered that the looter attempted to send tether (USDT) stablecoin on the Tron blockchain many times but failed due to a lack of TRX, the Tron network’s native currency, in the wallet to cover transaction costs. To hide the transaction, the looter utilised their verified personal account on crypto exchange Kraken to pay 500 TRX to the compromised wallet address. “He made a dumb error,” Budorin noted.
Because of Kraken’s “know-your-customer” (KYC) safeguards and verification process, which are part of the anti-money-laundering compliance standards, the exchange knew who owned the personal wallet from which the TRX was received, disclosing the identity behind the exploit. According to Budorin, Hacken promptly alerted Kraken’s security team about the transaction.
“We know the user’s identity,” said Nick Percoco, chief security officer of crypto exchange Kraken, in a tweet Saturday. Percoco also stated that FTX or the exchange’s founder and former CEO, Sam Bankman-Fried, will issue an official statement.
According to Budorin, the hack proved that FTX’s cold wallet management was “extremely inadequate”.
Late Friday night, FTX was hacked, resulting in over $600 million in digital assets fleeing the exchange’s wallets in a frenzy of withdrawals. FTX’s new CEO, John Ray, admitted that the exchange had been “compromised” and stated that the company was taking “precautionary steps…to mitigate harm upon seeing unlawful transactions”. Hacken discovered that one entity, who Budovin assumes is an insider, stole approximately $400 million from the exchange.
Given access to FTX’s cold wallets, new data about the exploit sparked conjecture on crypto Twitter that FTX owner Sam Bankman-Fried or someone in his tight circle could have been behind the exploit.
When asked if Bankman-Fried was the owner of the compromised wallet from which the attack was derived, Budorin stated that “this is sensitive information”, but added that the wallet’s owner is a US citizen. Budorin did not respond to CoinDesk’s request for additional comment at the time of publication on how he received information on the hacker’s citizenship and whether Kraken disclosed any personal data about the account’s holder with Hacken.
According to an email from a Kraken spokeswoman, the exchange is “in communication with law enforcement, and has frozen Kraken account access to some money we think to be involved with ‘fraud, carelessness, or misconduct’ relating to FTX”.
Of course, blockchain-savvy thieves can be cunning, so it’s likely that the error was a red herring purposefully presented by the looter to mislead the investigators by causing some uncertainty. “It’s very usual for a scammer to establish a bogus KYC (know-your-customer) account so that authorities go after the incorrect individual,” Cryptogle, a blockchain investigator, told CoinDesk.
The crown jewels of Bankman-crypto Fried’s enterprise were top exchange FTX and its corporate-sibling trading firm Alameda Research, which fell in spectacular fashion last week after a bank run on FTX’s deposits revealed that it had lost billions of dollars in customer digital assets.
