The beleaguered cryptocurrency exchange FTX suffered a $400 million hack over the weekend, and at least one blockchain expert says the clues point to a high-profile insider who made an amateur mistake that could inadvertently reveal his identity.
The attacker apparently “had access to all the cold wallet storage he was using,” Dima Budorin, co-founder and CEO of blockchain security audit company Hacken, told CoinDesk TV on Monday.
Hacken investigated the blockchain transactions and found that the attacker tried several times, unsuccessfully, to send Tether (USDT) stablecoin on the Tron blockchain because he did not have enough TRX, the native token of the Tron network, in his wallet to pay the transaction fee. The attacker then used his verified personal account on the Kraken crypto exchange to send 500 TRX to the compromised wallet address to cover the transaction.
“He made a stupid mistake,” Budorin said.
Due to Kraken’s “know your customer” or KYC measures – part of anti-money laundering compliance requirements – and the verification process, the exchange obtained information about who owns the personal wallet from which TRX was sent, revealing the identity behind the exploit.
According to Budorin, Hacken immediately contacted Kraken security about the transaction.
“We know the identity of the user,” Nick Percoco, director of security at cryptocurrency exchange Kraken, tweeted Saturday. Percoco added that he was told that FTX or the exchange’s founder and former chief executive Sam Bankman-Fried would release an official statement.
Budorin said the exploit showed that FTX was managing its cold wallets “very badly.”
New details about the exploit sparked rumors on crypto Twitter that FTX owner Sam Bankman-Fried or someone close to him may have been behind the exploit, given the access to FTX’s cold wallets.
When asked if Bankman-Fried was the owner of the wallet used in the exploit, Budorin replied that “this is confidential information,” but added that the owner of the wallet is a US citizen. Budorin did not respond by the time of publication to CoinDesk’s request for additional comment about how he obtained the hacker’s nationality information and whether Kraken shared any of the account holder’s personal data with Hacken.
A spokesperson for Kraken said the exchange is “in touch with law enforcement and has frozen Kraken account access to certain funds that we suspect are related to FTX-related ‘fraud, negligence, or misconduct,’” according to a statement sent via e-mail.
Of course, blockchain-savvy criminals can be sophisticated, so it’s entirely possible that the mistake was a red herring that the attacker deliberately planted to mislead the investigation.
“It is very common for scammers to use a fake KYC (know your customer) account to get authorities to go after the wrong person,” Cryptogle, a blockchain sleuth, told CoinDesk.
Leading exchange FTX and its corporate trading firm Alameda Research were the jewels of Bankman-Fried’s crypto empire, which collapsed spectacularly last week after a bank run on FTX deposits showed it had lost billions of dollars of digital assets that belonged to clients.
The entire conglomerate, 138 firms, filed for bankruptcy protection on Friday after bailout plans failed, prompting several investigations.