The ongoing criminal trial of FTX founder Sam Bankman-Fried has dominated crypto headlines throughout October 2023, but a parallel security crisis has been unfolding largely in the shadows. The hacker who drained approximately $470 million from FTX wallets during the exchange’s collapse in November 2022 has been systematically laundering stolen funds on a daily basis since the trial began on October 3, 2023.
The Exploit Mechanics
According to blockchain analytics firms tracking the stolen funds, the FTX hacker has been moving chunks of the pilfered cryptocurrency through a sophisticated laundering pipeline. The stolen assets, initially consisting of various tokens including Ethereum and stablecoins, have been converted and washed through decentralized exchanges and cross-chain bridges in a methodical pattern. Each day since the trial commenced, portions of the $470 million hoard have been siphoned through mixing services and swapped for privacy-focused assets.
The timing is hardly coincidental. With the entire crypto industry and law enforcement community focused on the dramatic courtroom proceedings in Manhattan, the hacker appears to be exploiting the distraction to accelerate the laundering process. Blockchain analysts have noted that the pace of fund movement has increased significantly during the trial weeks compared to the months prior.
Affected Systems
The original breach occurred on November 11, 2022, just hours after FTX filed for Chapter 11 bankruptcy protection. The attacker gained access to FTX’s hot wallets and systematically drained funds across multiple blockchains. The compromised systems included FTX’s main trading wallets on Ethereum, Solana, and Binance Smart Chain. At the time, FTX held approximately $473 million in customer funds across these wallets, with the hacker rapidly consolidating positions.
On-chain tracking reveals that the stolen funds have been distributed across hundreds of wallets, with the attacker using techniques such as peel chains, where small amounts are peeled off through successive transactions to obscure the trail. The laundering operation has utilized decentralized protocols including Thorchain for cross-chain swaps and various Ethereum-based mixers.
The Mitigation Strategy
Law enforcement agencies, including the FBI and international counterparts, continue to monitor the stolen funds. The Bahamas Financial Services Authority and U.S. prosecutors have coordinated efforts to trace and potentially freeze laundered assets. Several centralized exchanges have been alerted to watch for incoming funds matching the stolen wallet patterns. Atomic Wallet, for instance, recently froze $2 million in suspicious deposits linked to the laundering operation.
Tether has also taken proactive steps, freezing 32 cryptocurrency addresses linked to terrorism and illicit warfare financing in Israel and Ukraine during the same period. While not directly tied to the FTX hack, this action demonstrates the growing willingness of stablecoin issuers to cooperate with law enforcement on fund recovery.
Lessons Learned
The FTX hack and subsequent laundering operation exposes critical weaknesses in exchange security during periods of organizational crisis. When an exchange enters bankruptcy proceedings, the security infrastructure often degrades precisely when it is most vulnerable. Key takeaways include the urgent need for multi-signature governance on exchange hot wallets, real-time blockchain monitoring for anomalous withdrawal patterns during crisis events, and pre-established law enforcement liaison protocols for immediate response to large-scale theft.
The fact that the hacker has been laundering funds for nearly a year without full recovery also highlights the limitations of current on-chain forensics. While blockchain analysis can trace funds, the proliferation of cross-chain bridges and privacy tools makes interdiction increasingly difficult.
User Action Required
For users who had funds on FTX at the time of the collapse, the ongoing laundering complicates recovery efforts. FTX debtors have proposed a payout plan that would return approximately 90% of customer funds, though the timeline remains uncertain. Users should register claims through the official FTX bankruptcy proceedings and monitor court filings for updates. For the broader crypto community, the incident reinforces the fundamental principle: not your keys, not your coins. Hardware wallets and self-custody remain the most effective defense against exchange-related losses.
Disclaimer: This article is for informational purposes only and does not constitute financial or legal advice. Readers should consult qualified professionals for guidance specific to their situation.
470M laundered through dex bridges and mixers while the trial gave perfect cover
dave_ftx exactly. bridges and mixers are just plumbing. the real question is how much already hit cold wallets in dubai
$470M being laundered in plain sight while everyone watches the SBF trial is wild. on-chain analytics firms must be burning through overtime trying to flag all these addresses in real time
swapping through cross-chain bridges and mixers is the standard playbook now. the scary part is how much of that $470M has probably already been cashed out through no-KYC OTC desks
no-KYC OTC desks in dubai and singapore were moving serious volume in late 2023. no way to trace funds once they hit those
chainalysis and elliptic were definitely running 24/7 but the cross-chain bridge hops make tracking a nightmare. once funds hit a privacy chain like monero the trail goes cold
the timing is the most suspicious part. hacker sits on funds for months then starts moving chunks the exact week the trial starts? that is not coincidence, that is exploiting media distraction
the timing is too perfect. trial starts oct 3, hacker starts moving oct 3. someone knew the media cycle would bury the laundering story under sbf courtroom drama
onchain_eye disagree. the media was never going to cover on-chain forensics during a criminal trial. hacker exploited attention not information
SBF trial was getting 24/7 coverage. perfect smokescreen. whoever this hacker is, they understand information warfare
imagine being the hacker sitting on $470M and choosing to launder it through DeFi during the most watched criminal trial in crypto history. either incredibly bold or someone tipped them off
SBF got 25 years and this hacker is probably sipping cocktails somewhere with 470M. justice system in a nutshell