Hours after defunct crypto exchange FTX and hedge fund Alameda Research filed for bankruptcy on Nov. 11, large amounts of funds were moved out of the exchange. Both firms were owned by Sam Bankman-Fried (SBF), facing multiple counts of fraud until the bankruptcy filing.
More than a month later, the US Department of Justice (DOJ) has launched an investigation into the $372 million that disappeared from FTX, Bloomberg reported, citing sources familiar with the matter. Per the report, the DOJ’s investigation is separate from the fraud case against SBF.
While US prosecutors have managed to freeze some of the stolen assets, these constitute only a small portion of the total haul from the attack, the report noted.
It remains unclear whether the FTX hack was the work of an insider or an opportunistic hacker. The hacker, if caught, could be facing up to 10 years in prison under computer fraud charges, according to the report.
The DOJ’s National Cryptocurrency Enforcement Team, a group of prosecutors focused on crypto investigations, is leading the investigation into the missing FTX funds, as per the report. The team is collaborating with Manhattan federal prosecutors leading the criminal case against disgraced former crypto mogul SBF.
Details of the FTX exploit
In the aftermath of the attack, FTX U.S. General Counsel Ryne Miller tweeted on Nov. 12 that he was investigating “abnormalities with wallet movements.” On the same day, he also tweeted that FTX.US and FTX.com had moved all assets to a cold wallet as a precaution following the bankruptcy filing. Moving FTX assets to cold wallets was expedited in light of the “unauthorized transactions,” Miller noted.
Reuters reported on Nov. 12 that SBF had built a “backdoor” in FTX’s accounting software. The report claimed that this backdoor enabled SBF to move billions in funds without alerting staff and auditors. At the time, an estimated $1-$2 billion in assets were missing.
While the crypto world was speculating whether the FTX exploit was an insider job, Nick Percoco, the chief security officer at Kraken exchange, tweeted that they knew the attacker’s identity.
A court filing on Nov. 17 revealed that the Securities Commission of the Bahamas (SCB) had ordered FTX to transfer the assets to regulator-controlled wallets on Nov. 12.
On Nov. 20, FTX acknowledged the hack in a tweet and asked exchanges to take measures to secure the funds that were moved “without authorization.” The same day, Chainalysis clarified that reports of stolen funds being sent to SCB were incorrect. The blockchain analytics firm added that some funds were sent to the regulators while others were stolen.
In the meantime, the FTX exploiter continued to move tokens through different chains via bridges and exchanged stolen assets through decentralized exchanges. On Nov. 15, after several swaps, the hacker emerged as the 35th largest holder of Ethereum (ETH), holding 228,523 ETH worth $284.82 million at the time.
It is worth noting that SBF is facing criminal charges for misusing billions of dollars in user funds, amounting to far more than the $372 million stolen in the attack. The disgraced former CEO is out on bail and awaiting trial at the US Southern District Court of New York.
On November 23, the judge assigned to the SBF case recused herself because of ties between her husband’s law firm and FTX. The case is now set to be handled by Bill Clinton-nominated Judge Lewis Kaplan.