1. Home
  2. Exploiter

Exploiter

On the move: FTX hacker splits nearly $200M in ETH across 12 wallets

Meanwhile, Ethereum users are sending encoded messages to the FTX hacker pleading for a share of funds.

The hacker behind the theft of more than $447 million of crypto from the crypto exchange FTX has been again spotted moving their ill-gotten funds. 

According to Etherscan data, between 4:11 to 4:17 pm UTC on November 21, the attacker moved a total of 180,000 Ether (ETH) across 12 newly created wallets — each receiving 15,000 ETH. The total amount moved totaled $199.3 million at current prices.

Recent transactions from wallet labeled "FTX Accounts Drainer" — Source: Etherscan

At the time of publication, the ETH has not moved from any of the 12 wallets.

Some in the crypto community suggest the attacker may be planning to subdivide it into smaller and smaller amounts in order to confuse investigators, a process known as “peel chaining,” or they may be planning to use a mixing service at some point to obscure which coins are theirs.

Meanwhile, some Ethereum users appear to have sent coded messages to the hacker asking for a share of the loot.

One user registered the Ethereum Name Service (ENS) domain name, “ftx-rekt200k-pls-help.eth” to express that they have lost money from the FTX collapse and to ask for a reimbursement from the hacker.

They sent 21 transactions of 0.000001 Ether to the hacker’s address in an attempt to get noticed.

Another user was even more creative. They registered the ENS domain, “pleasecheckutf8data.eth” and sent 12 transactions of 0.0001 ETH or less to the hacker’s wallet address.

An encoded message asking the FTX Accounts Drainer for a share of funds. Source: Etherscan

Inside each transaction was a UTF8 encoded message that said “Please send me 100k~, I have medical bills to pay and visit the USA this coming December. I can't walk properly, and have aggressive muscle issues. Please help! I lost most of my money on FTX.”

The message also contained a link to an Imgur post which the user claimed was proof of their medical appointment.

Related: FTX hacker dumps 50,000 ETH, still among top 40 Ether holders

The hack occurred on Nov. 11, the same day that FTX filed for chapter 11 bankruptcy protection.

On November 20, the attacker transferred 50,000 ETH to a separate wallet and then converted it to Bitcoin using two separate renBTC bridges.

As of today, the hacker is the 40th largest holder of ETH.

Kernel Secures Binance Labs Funding To Redefine Restaking on BNB Chain

‘FTX Accounts Drainer’ Now Holds Over 250,000 ETH, Address Is the 27th Largest Ethereum Wallet

‘FTX Accounts Drainer’ Now Holds Over 250,000 ETH, Address Is the 27th Largest Ethereum WalletThe exploiter responsible for siphoning millions of dollars in ERC20 tokens and ethereum from FTX has added more ether to the entity’s holdings. The wallet is now situated in the top 30 largest wallet positions in terms of ethereum holdings. The address dubbed the “FTX Accounts Drainer” now holds 250,735 ethereum on Saturday, Nov. 19, […]

Kernel Secures Binance Labs Funding To Redefine Restaking on BNB Chain

Solana-Based Lending App Solend Gets Hacked for $1.26 Million in ‘Oracle Attack’

Solana-Based Lending App Solend Gets Hacked for .26 Million in ‘Oracle Attack’The Solana-centric lending application Solend lost $1.26 million in an oracle attack, according to Solend’s official Twitter account on Wednesday. A number of affected pools were disabled, and Solend says it has given crypto exchanges the exploiter’s address. Solana Defi Application Solend Loses $1.26 Million in Oracle Exploit The crypto community has seen two significant […]

Kernel Secures Binance Labs Funding To Redefine Restaking on BNB Chain