That means it will be very difficult for the thieves to abscond with their profits in a spendable form without being identified, says Michelle Lai, a cryptocurrency privacy advocate, investor, and consultant who says she’s been tracking the movements of the stolen FTX funds with “morbid fascination.” But the real question, Lai says, is whether identifying the thieves will offer any recourse: After all, many of the most prolific cryptocurrency thieves are Russians or North Koreans operating in non-extradition countries, beyond the reach of Western law enforcement. “It’s not a question of whether they’ll know who did it. It’s whether it will be actionable,” says Lai. “Whether they’re on-shore.”
In the meantime, Lai and many other crypto-watchers have been closely eyeing one Ethereum address that is currently holding around $192 million worth of the funds. The account has been sending small sums of Ethereum-based tokens—some of which appear to have little to no value—to a variety of exchange accounts, as well as Ethereum inventor Vitalik Buterin and Ukrainian cryptocurrency fundraiser accounts. But Lai guesses that these transactions are likely meant to simply complicate the picture for law enforcement or other observers before any real attempt to launder or cash out the money.
The pilfering of FTX—whether the theft totals $338 million or $477 million—hardly represents an unprecedented haul in the world of cryptocurrency crime. In the late-March hack of the Ronin bridge, a gaming cryptocurrency exchange, North Korean thieves took $540 million. And earlier this year, cryptocurrency tracing led to the bust of a New York couple accused of laundering $4.5 billion in crypto.
But in the case of the high-profile FTX theft and the exchange’s overall collapse, tracing the errant funds might help put to rest—or confirm—swirling suspicions that someone within FTX was responsible for the theft. The company’s Bahamas-based CEO, Sam Bankman-Fried, who resigned Friday, lost virtually his entire $16 billion fortune in the collapse. According to an unconfirmed report from CoinTelegraph, he and two other FTX executives are “under supervision” in the Bahamas, preventing them from leaving the country. Reuters also reported late last week that Bankman-Fried possessed a “backdoor” that was built into FTX’s compliance system, allowing him to withdraw funds without alerting others at the company.
Despite those suspicions, TRM Labs’ Janczewski points out that the chaos of FTX’s meltdown might have provided an opportunity for hackers to exploit panicked employees and trick them into, say, clicking on a phishing email. Or, as Michelle Lai notes, bankrupted insider employees might have collaborated with hackers as a means to recover some of their own lost assets.
As the questions mount over whether—or to what degree—FTX’s own management might be responsible for the theft, the case has begun to resemble, more than any recent crypto heist, a very old one: the theft of a half billion dollars worth of bitcoins, discovered in 2014, from Mt. Gox, the first cryptocurrency exchange. In that case, blockchain analysis carried out by cryptocurrency tracing firm Chainalysis, along with law enforcement, helped to pin the theft on external hackers rather than Mt. Gox’s own staff. Eventually, Alexander Vinnik, a Russian man, was arrested in Greece in 2017 and later convicted of laundering the stolen Mt. Gox funds, exonerating Mt. Gox’s embattled executives.
Whether history will repeat itself, and cryptocurrency tracing will prove the innocence of FTX’s staff, remains far from clear. But as more eyes than ever scour the cryptocurrency economy’s blockchains, it’s a surer bet that the whodunit behind the FTX theft will, sooner or later, produce an answer.