Blockchain investigations: Following the stolen FTX money

Patrick Devaney


It has been a rocky week for crypto with the collapse of FTX, a major crypto exchange, seemingly wiping billions of the combined net worth of legions of crypto enthusiasts. We’re not talking here about the volatility of the crypto markets either even though the price of Bitcoin crashed to new yearly lows and has been up and down since. Instead, the real headlines have come from billions of dollars’ worth of FTX user deposits simply not being there anymore. In total, it looks as though close to $8 billion worth of crypto assets were essentially worthless as the company did not have the funds needed to pay out their value. On top of that, hackers were able to walk away with almost half a billion dollars. This article will try to unpick the chaos and look at how investigators are trying to get the money back and catch the people who stole it.

Following a Twitter exchange between FTX head honcho Sam Bankman-Fried and Changpeng Zhao, CEO of rival crypto exchange Binance, FTX users began frantically trying to withdraw their funds from the exchange, attempting to take around $6 billion worth of funds over a 24-hour period. This was a full-scale bank run that ended in FTX filing for bankruptcy and leaving so many users without access to their assets.

Blockchain investigations: Following the stolen FTX money

A deeper look at FTX

Back in its heyday Bankman-Fried’s FTX was seen as a prodigious company and he and his company were regularly compared to entrepreneurial luminaries such as J.P. Morgan or Warren Buffet. Behind the scenes, however, FTX was not run like other companies. For a start, despite venture capitalist firms investing billions of dollars into the company they did not have representatives on the board.

It is no wonder that things have gone so badly wrong when you further examine the corporate structure at FTX. As well as working without the oversight of a board of investors, the FTX top team were all living together in a penthouse in the Bahamas with several reports claiming that they were all in romantic relationships with each other. If you add to this the rather austere image that Bankman-Fried and his team portrayed to the world while living in a penthouse that has just gone on the market for just under $40 million the dysfunction and dishonesty that will come to mark FTX quickly becomes apparent.

How FTX failed

This leads to what ultimately caused FTX to fail, which was the mishandling of user deposits in misguided attempts to invest in companies and future endeavors. Bankman-Fried founded Alameda Research in 2017 before founding FTX a couple of years later. Alameda Research was a trading firm, investing in crypto projects and flipping the investments for profit. Once FTX had been founded, however, the close proximity between the trading firm and the exchange began to raise eyebrows, due to Alameda often profiting from the losses FTX customers were experiencing. According to the New York Times, although both companies were supposed to be separate entities, Alameda employees often had a full view of the FTX trading data when teams from both companies were working out of the Bahamas penthouse.

The links between the two firms sit at the heart of the recent crypto crash as loans made by Alameda to cover bad investments proved difficult to pay off as the cash was not readily available. In an attempt to plug this gap, the firm began using FTX user deposits to pay off the loans. Reports say that this amounted to a staggering $10 billion worth of FTX deposits being used to cover Alameda loans, an amount which the exchange simply could not cover.

The FTX hack

This brings us to the hack. Incredibly, on top of the billions of dollars of misappropriated funds squandered on bad investments, hackers were also able to steal almost half a billion dollars from FTX as the company was collapsing. Naturally, considering the dishonest and dysfunctional environment of the FTX head office/penthouse, suspicions have quickly turned to FTX insiders. It is still not exactly clear how the hack was perpetrated against the ailing crypto exchange but fortunately, due to the nature of blockchains, following the money is easy to do and even if the transactions are made anonymously, at the end of the day, turning the anonymous crypto coins into spendable currency will get people’s attention.

How investigators are tracking the stolen money

Blockchains work like centralized ledgers. Transactions and contract executions are computed and added to blocks and then added to the chain. The chain cannot then be altered only added to meaning that the transactions are all transparent and remain public forever. This means that crypto coins stolen in the hack can be tracked whenever somebody interacts with a blockchain to move them around. This means, that as Wired has reported, crypto investigators have been able to follow the cash, which crypto-tracing company TRM Labs values at around $338 million to a mere handful of crypto wallet addresses.

The result of this observability is that it becomes very difficult for the hackers to actually spend the cash. As head of investigations at TRM Labs, Chris Janczewski said to Wired:

“This potential thief has hundreds of millions of dollars. But it’s like they went into a bank, took as much cash as they could carry, and then the dye packs went off. They’ve got all this money, but now everyone knows it’s connected to this bank robbery. What can you actually do with it?”

All this leaves the thieves in a tricky situation as any time they try to access or spend the cash they have stolen from FTX, they put their identities at risk. Identities that may well be linked to team members at FTX itself. However, it is worth pointing out, however, that although people seeing their fortunes evaporate before their eyes may seem like the perfect culprits for a heist of this magnitude, they could also be more susceptible to scams. We report regularly on advanced phishing scams designed to take advantage of internet users and trick them into clicking on a link they shouldn’t or downloading an infected file. There is a good chance that the scammer may have taken advantage of the chaos of FTX’s fall to get a team member to do something they shouldn’t have.

How to spot a phishing scam Learn more

Whoever perpetrated the FTX hack, whether it was an internal team member, or an external hacker will likely face challenges getting the stolen money out into the real world as crypto investigators are watching the money closely. On top of the hack, however, thoughts must also go out to the unsuspecting FTX users who have seen their funds disappear through malfeasance and dishonest business practices.

You may also like