https://www.wired.com/story/ftx-hack-theft-crypto-tracing/
Cryptocurrency has always offered a strange mix of temptations and challenges for anyone trying to steal it. As digital cash, held in multibillion-dollar sums on hackable, internet-connected networks, it presents a lucrative target. But once it's stolen, the blockchains that almost every cryptocurrency is built on make it possible to follow that money's every movement and, very often, to identify the thieves. So after a massive heist pulled nearly half a billion dollars worth of funds out of the already collapsing FTX cryptocurrency exchange yesterday, the world's crypto tracers are now closely tracking where that loot ends up—and looking for any clues that reveal the thief to be an FTX insider or just an opportunistic hacker.
On Friday, hours after the major cryptocurrency exchange FTX had filed for bankruptcy in the wake of its epic, 10-figure collapse, FTX's remaining funds were drained of more than $663 million worth of cryptocurrency, much of which appears to have been stolen. "FTX has been hacked," wrote an administrator in FTX's Telegram channel. "FTX apps are malware. Delete them." [...]
[...] "We're definitely watching the movements of these funds," says Chris Janczewski, the head of investigations at TRM Labs and a former special agent at the IRS's criminal investigations division. "This potential thief has hundreds of millions of dollars. But it's like they went into a bank, took as much cash as they could carry, and then the dye packs went off. They've got all this money, but now everyone knows it's connected to this bank robbery. What can you actually do with it?"
[...] But in the case of the high-profile FTX theft and the exchange's overall collapse, tracing the errant funds might help put to rest—or confirm—swirling suspicions that someone within FTX was responsible for the theft. The company's Bahamas-based CEO, Sam Bankman-Fried, who resigned Friday, lost virtually his entire $16 billion fortune in the collapse. According to an unconfirmed report from CoinTelegraph, he and two other FTX executives are "under supervision" in the Bahamas, preventing them from leaving the country. Reuters also reported late last week that Bankman-Fried possessed a "back door" that was built into FTX's compliance system, allowing him to withdraw funds without alerting others at the company.
[...] As the questions mount over whether—or to what degree—FTX's own management might be responsible for the theft, the case has begun to resemble, more than any recent crypto heist, a very old one: the theft of a half billion dollars worth of bitcoins, discovered in 2014, from Mt. Gox, the first cryptocurrency exchange. In that case, blockchain analysis carried out by cryptocurrency tracing firm Chainalysis, along with law enforcement, helped to pin the theft on external hackers rather than Mt. Gox's own staff. Eventually, Alexander Vinnik, a Russian man, was arrested in Greece in 2017 and later convicted of laundering the stolen Mt. Gox funds, exonerating Mt. Gox's embattled executives.
Whether history will repeat itself, and cryptocurrency tracing will prove the innocence of FTX's staff, remains far from clear. But as more eyes than ever scour the cryptocurrency economy's blockchains, it's a surer bet that the whodunit behind the FTX theft will, sooner or later, produce an answer.
Related Stories
Convicted FTX fraudster Sam Bankman-Fried pleaded for a lenient prison sentence in a court filing yesterday, saying that he isn't motivated by greed and "is already being punished."
Bankman-Fried requested a sentence of 63 to 78 months, or 5.25 to 6.5 years. Because of "Sam's charitable works and demonstrated commitment to others, a sentence that returns Sam promptly to a productive role in society would be sufficient, but not greater than necessary, to comply with the purposes of sentencing," the court filing said.
[...] The filing urged the court to "reject the PSR's barbaric proposal" of 100 years, saying that such sentences should only be for "heinous conduct" like terrorism and child sexual abuse.
The founder and ex-CEO of cryptocurrency exchange FTX, Bankman-Fried was convicted on seven charges with a combined maximum sentence of 110 years after a monthlong trial in US District Court for the Southern District of New York. The charges included wire fraud and conspiracy to commit wire fraud, securities fraud, commodities fraud, and money laundering.
[...] Kaplan said before the trial that SBF "could be looking at a very long sentence" if convicted. After the conviction, law professors were quoted as saying that Bankman-Fried's sentence was likely to be at least 20 or 25 years and conceivably as much as 50 years.
[...] "Sam was not predatory. He did not set out to prey on the elderly, the unsophisticated, or implement a plan to poach pension assets. His conduct falls far lower on the culpability scale," the filing said. He also "never intended to cause loss for the purpose of his own personal gain," his legal team said.
Bankman-Fried's conduct should be characterized as "risk shifting," the filing said. Risk-shifting "offenses are not specifically intended to cause loss. Instead, they shift the risk of any potential loss from the defendant (or from others involved in the criminal undertaking) to a third party, such as the victim of the offense."
According to Bankman-Fried's legal team, this makes his offenses similar in severity to "false statements for the purpose of obtaining a bank loan that is intended to be repaid. Such offenses are generally less culpable than those where loss is specifically intended."
[...] Bankman-Fried's sentencing submission was accompanied by letters of support from his parents and others. His mother, Barbara Fried, wrote that "Sam is the first person we would call if we needed an angel of mercy in a pinch," and that he "lived an exemplary life in every way prior to the events that brought FTX down."
(Score: 4, Touché) by drussell on Thursday November 17 2022, @07:15PM (1 child)
Probably SBF, the girlfriend or other insider to cover their tracks of virtual asset embezzlement? We stole some virtual stuff that was backed by some other virtual stuff three layers deep, none of which actually exists in the real world, so.... umm, yeah, sorry?!
https://youtu.be/MWfuDeO9thk [youtu.be]
(Score: 4, Insightful) by zocalo on Thursday November 17 2022, @08:23PM
UNIX? They're not even circumcised! Savages!
(Score: 2) by mcgrew on Thursday November 17 2022, @08:36PM (10 children)
If you steal "currency" that's based on nothing but dreams and fairy dust rather than business or government (tangible assets), are you really stealing anything?
We not only don't have all the answers, we don't even have all of the questions.
(Score: 2) by HiThere on Thursday November 17 2022, @08:57PM (1 child)
Well, yes. But it might be difficult to justify it an anything other than petty theft.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by zocalo on Thursday November 17 2022, @10:05PM
UNIX? They're not even circumcised! Savages!
(Score: 2, Disagree) by SomeRandomGeek on Thursday November 17 2022, @10:24PM
Its a security feature! You own some cryptocurrency. If someone steals it, that proves that the whole currency was flawed to begin with. The value of the currency goes to zero, and the thieves get nothing. So there is no incentive to steal your cryptocurrency! I'm pretty sure that NFTs work on this principle, too.
(Score: 3, Insightful) by Beryllium Sphere (r) on Thursday November 17 2022, @10:37PM
Old legal maxim, "the value of a thing is what that thing will bring". Until the market collapses or the price goes to zero, it's like stealing anything that can be sold.
(Score: 2) by Sjolfr on Thursday November 17 2022, @11:00PM (5 children)
It was a government regulated exchange. Ever since the US government recognized crypto-currency as an actual currency it's been treated as such; taxes and all. Hundreds of millions in crypto is still hundreds of millions of the exchange rate in dollars. The very existence of the exchange, and the fact that it has to legally declare bankruptcy, proves that fact. Thinking otherwise is naive and/or misguided.
Crypto-coins are absolutely unique and they are very traceable. The manner in which law enforcement goes about tracking down the coins, once they get used, is another matter. All they have to do is watch the blockchain for the coin transfers. Once they get an address, that can be tied to a person, they can start asking questions of those people and track the thieves down. Time and patience.
(Score: 1) by khallow on Friday November 18 2022, @12:52AM (4 children)
Oh really? Does that have any legal meaning even if it were true (which I doubt)? I'm pretty sure the Fed isn't building up a reserve of bitcoins, for example.
(Score: 0) by Anonymous Coward on Friday November 18 2022, @02:02AM (1 child)
Maybe there is a hard drive that they keep in the vaults of Fort Knox where they amass all their bitcoins.
(Score: 1) by khallow on Friday November 18 2022, @03:58AM
(Score: 3, Interesting) by Sjolfr on Friday November 18 2022, @02:58AM (1 child)
My mistake, the IRS treats crypto-currency as property for tax purposes. That ligitimizes crypto as a medium for making payments and brings the law in to play when it is stolen or laundered.
The concept is the same though. Crypto-exchanges are regulated much like stock exchanges. Steal $100M worth of bitcoin and, like Bernie Madoff, you can be prosecuted and convicted of a felony.
(Score: 1) by khallow on Saturday November 19 2022, @12:12PM
It's in the same category as say, Pokemon cards. Crypto doesn't need much in the way of legitimization and the US government is heavily limited in what it can do to restrict use of it.
(Score: 2, Interesting) by bobmorning on Friday November 18 2022, @12:53AM (1 child)
Seems like the Bahamian government was one step ahead of everyone:
https://www.cnbc.com/2022/11/17/ftx-suggests-sam-bankman-fried-transferred-assets-to-bahamas-government-custody-after-bankruptcy-filing.html [cnbc.com]
(Score: 1) by khallow on Friday November 18 2022, @04:06AM
(Score: 2) by pgc on Saturday November 19 2022, @10:27PM
Wasn't it already published that the hack was indeed performed by SBF, but was ordered by the Bahama authorities?