More tellingly, Tobias Silver, founder of crypto service Just.Money, pointed out on Twitter that one of the thieves’ transactions appeared to have been paid for with transaction fees funded from an account on the Kraken cryptocurrency exchange, which is likely required to possess identifying information for that account under “know-your-customer” laws. Kraken’s chief security officer, Nicholas Percoco, later tweeted, “We know the identity of the user.” When WIRED reached out to Percoco for comment, a Kraken spokesperson responded in a statement that “we have actively monitored recent developments with the FTX estate, are in contact with law enforcement, and have frozen Kraken account access to certain funds we suspect to be associated with ‘fraud, negligence or misconduct’ related to FTX (as set forth in our Terms of Service).”
The looting or seizure of FTX’s holdings—whether it totals $338 million or $477 million—hardly represents an unprecedented haul in the world of cryptocurrency crime. In the late-March hack of the Ronin bridge, a gaming cryptocurrency exchange, North Korean thieves took $540 million. And earlier this year, cryptocurrency tracing led to the bust of a New York couple accused of laundering $4.5 billion in crypto.
But in the case of the high-profile FTX theft and the exchange’s overall collapse, tracing the errant funds might help put to rest—or confirm—swirling suspicions that someone within FTX was responsible for the theft. The company’s Bahamas-based CEO, Sam Bankman-Fried, who resigned Friday, lost virtually his entire $16 billion fortune in the collapse. According to an unconfirmed report from CoinTelegraph, he and two other FTX executives are “under supervision” in the Bahamas, preventing them from leaving the country. Reuters also reported late last week that Bankman-Fried possessed a “back door” that was built into FTX’s compliance system, allowing him to withdraw funds without alerting others at the company.
Despite those suspicions, TRM Labs’ Janczewski points out that the chaos of FTX’s meltdown might have provided an opportunity for hackers to exploit panicked employees and trick them into, say, clicking on a phishing email. Or, as Michelle Lai notes, bankrupted insider employees might have collaborated with hackers as a means to recover some of their own lost assets.
As the questions mount over whether—or to what degree—FTX’s own management might be responsible for the missing funds, the case has begun to resemble, more than any recent crypto heist, a very old one: the theft of a half billion dollars’ worth of bitcoins, discovered in 2014, from Mt. Gox, the first cryptocurrency exchange. In that case, blockchain analysis carried out by cryptocurrency tracing firm Chainalysis, along with law enforcement, helped to pin the theft on external hackers rather than Mt. Gox’s own staff. Eventually, Alexander Vinnik, a Russian man, was arrested in Greece in 2017 and later convicted of laundering the stolen Mt. Gox funds, exonerating Mt. Gox’s embattled executives.
Whether history will repeat itself, and cryptocurrency tracing will prove the innocence of FTX’s staff, remains far from clear. But as more eyes than ever scour the cryptocurrency economy’s blockchains, it’s a surer bet that the whodunit behind the FTX theft will, sooner or later, produce an answer.
Update 8:40 am 11-14-22: Added details about links from one of the thieves’ transactions to the Kraken exchange, which may have revealed their identity.
Update 12:30 pm 11-14-22: Added a response from Kraken.
Updated 12:15 pm 11-18-22: Added new findings that some of the money appears to have been seized by the Bahamas Securities Commission.