Transfer spoofing evident in FTX Exploiter wallet meme tokens transfers
On November 20th, on-chain detective ZachXBT launched a Twitter thread to expose three of the most commonly misunderstood issues surrounding the FTX case.
The three areas ZachXBT covers are:
- Bahamian Officials Behind FTX Hack
- Exchange while knowing the identity of the hacker
- FTX hacker trading memecoins.
1/ I’ve seen a lot of misinformation spread on Twitter and in the news about FTX events.
“Bahamian Officials Are Behind FTX Hack”
“Exchanges know who the hackers are”
“FTX Hackers Are Trading Meme Coins” pic.twitter.com/IAtHnpJI44—ZachXBT (@zachxbt) November 20, 2022
ZachXBT first claimed that the “0x59” wallet was a blackhat address and had no connection with the FTX team or the Bahamian authorities.
Hackers used very high slippages in trading when selling Ethereum (ETH), DAI, and BNB tokens, which were bridged to avoid the assets being frozen on Nov. 12. It was noted that this sporadic behavior was “very different” from other addresses. By ZachXBT that he withdrew from FTX.
3/ The fact that 0x59 was dumping tokens and bridging sporadically was a very different behavior than other addresses that withdrew from FTX and instead sent to chain multisigs like Eth and Tron. did. https://t.co/WE3Zyax2ub
—ZachXBT (@zachxbt) November 20, 2022
ZachXBT pointed out suspicious on-chain activity following 3168 BNB transactions from 0x59 to 0x24 and Huobi – to 0x24, using potentially insecure services like Laslobit.
ZachXBT explained that this action is in stark contrast to information provided regarding debtors moving assets into cold storage and the Bahamian government moving assets into digital asset storage platform Fireblocks. .
5/ This action is completely different from what has been said about debtors moving assets to cold storage or Bahamas government moving assets to Fireblock. pic.twitter.com/wMekRhzOPR
—ZachXBT (@zachxbt) November 20, 2022
ZachXBT then highlighted the potential misinformation surrounding the exchange knowing the hacker’s identity.
In response to Kraken team member Nick Percoco’s claim that “the user’s identity is known,” ZachXBT explained that it was likely “the recovery side of FTX, not the attacker.” Additionally, ZachXBT claims in his thread that he is his FTX group using Kraken to secure assets in Tron’s multi-signature wallet as the FTX hot wallet is out of gas for transactions. did.
8/ This was consistent with the behavior of 0x97 multisig, also funded via CEX. pic.twitter.com/J2uHIpe7Oj
—ZachXBT (@zachxbt) November 20, 2022
Finally, Zach covered the third most common misconception spread, addressing rumors that FTX hackers are trading meme coins.
Zach explained that the transfers were disguised to make it appear that the FTX hacker wallet was trading meme coins. crypto slate You can check your on-chain data and confirm that the transaction appears to be coming from another address. funding Up to 1 inch on November 11th.
Alternate addresses appear to have the authority to create tokens such as WHATHAPPENED and verify the origin of the token. To better understand how transactions are camouflaged in the Ethereum network, medium article Harith Kamarul, a by Etherscan community member, describes this issue.
11/ Check three times who you got the information from. Many people use FTX events to pretend they’re familiar with engagements when in fact they have no idea what’s going on.
—ZachXBT (@zachxbt) November 20, 2022
CryptoSlate reported on the movement of newly minted “meme” tokens from FTX Exploiter accounts on November 11th, highlighting the transfer of tokens to Uniswap and a potential pump-and-dump scam. This article has been updated to include transaction impersonation information for clarity.
