Federal prosecutors are investigating an alleged cybercrime that drained more than $370 million out of FTX just hours after the cryptocurrency exchange filed for bankruptcy last month.
The Department of Justice has launched a criminal probe into the stolen assets that is separate from the fraud case against FTX co-founder Sam Bankman-Fried, according to a person familiar with the case. US authorities have managed to freeze some of the stolen funds, the person confirmed. However, the frozen assets represent only a fraction of the entire loot.
It is unclear whether the infiltration was an inside job, as Bankman-Fried suggested in interviews before his arrest, or the work of an opportunistic hacker keen to exploit the vulnerabilities of a crumbling company. The conduct could amount to a charge in connection with computer fraud, which carries a maximum sentence of 10 years in prison.
The amount stolen is considerably less than the billions of dollars Bankman-Fried is accused of misusing while he was at the helm of FTX. Authorities say the 30-year-old founder, who is currently on bail and living in California, fraudulently raised $1.8 billion from investors and used FTX funds to wage high-risk bets at hedge fund Alameda Research and to cover personal expenses.
Spokespersons for the Department of Justice and Manhattan US attorney’s office declined to comment.
FTX’s new chief executive, John J Ray III, revealed on Nov. 12 that there had been “unauthorized access” to FTX assets a day earlier, the same day the estate had filed for bankruptcy.
The investigation is being led by the DOJ’s National Cryptocurrency Enforcement Team, a network of prosecutors focused on digital asset investigations, a person familiar with the case said. The team is working with Manhattan federal prosecutors in charge of the sweeping criminal investigation that led to the arrest of Bankman-Fried this month.
The amount siphoned from FTX by the unknown actor was about $372 million, according to bankruptcy filings. Authorities managed to freeze funds on certain platforms because those outlets cooperated with law enforcement, the person confirmed. That is not always the case, especially with offshore exchanges.
In an analysis of the stolen funds’ path last month, blockchain analytics firm Elliptic stated the tokens drained from FTX wallets were swapped for ETH, another cryptocurrency, through decentralized exchanges. That was “a tactic commonly seen in large hacks,” the firm said at the time.
On Nov. 20, Chainalysis, another firm, tweeted that the stolen funds were on “the move” and had been bridged from ETH to Bitcoin. The group warned exchanges to be on the lookout in case the hacker tried to cash out. Some of the funds had also been deposited into a mixer, which jumbles different types of cryptocurrencies together to obfuscate the origins, according to ZachXBT, a Twitter user who tracks crypto hacks.