The mysterious looter of bankrupt crypto exchange FTX, who is likely an insider according to a blockchain expert, holds $339 million of digital assets that they drained from the exchange late Friday, according to crypto intelligence platform Arkham Intelligence.
Arkham found that the wallets associated with the exploiter hold $292 million in ETH, the native token of the Ethereum blockchain, $48 million in Maker’s stablecoin DAI, $44 million in BNB, the Binance ecosystem’s native token, $4 million in Tether’s USDT stablecoin on the Avalanche blockchain and $3.8 million of MATIC on Polygon’s Matic bridge.
Some $20 million in PAXG, a Paxos stablecoin linked to the price of gold, was frozen when Paxos was ordered to blacklist the accounts by U.S. authorities, preventing the holder from moving or cashing out the tokens.
Late Friday night, the insolvent crypto exchange FTX of Sam Bankman-Fried, suffered suspicious outflows exceeding $600 million, as CoinDesk reported. One entity at the center of the exploit siphoned off about $400 million from the exchange’s crypto wallets. The attack came after FTX, and the other 137 firms of Bankman-Fried’s crypto conglomerate, filed for bankruptcy protection the same day.
Read more: ‘FTX Has Been Hacked’: Crypto Disaster Worsens as Exchange Sees Mysterious Outflows Exceeding $600M
The hacker acted hastily based on their behavior on the blockchain, according to Arkham’s report. They used various decentralized exchanges to convert tokens, including UniSwap, 1inch and CowSwap, and struggled to dump coins such as MATIC, LINK and PAXG divided into smaller amounts to prevent losses from slippage.
After tracing the attacker’s blockchain transactions, Arkham found that they “appeared to be in panic” and “lost a large amount of their token holdings” when they moved assets across different chains to avoid getting caught. In a likely attempt to consolidate their holdings, they also converted tokens to ETH and DAI on the Ethereum network, movements that cannot be easily sanctioned by authorities.
“It is becoming clearer by the day that the FTX exploiter is not very sophisticated,” Miguel Morel, chief executive of Arkham Intelligence, told CoinDesk. “They’ve hastily tried to do whatever they can with the funds, seemingly without much of a plan.”
The attacker also seemingly committed at least one amateur misstep. They flippantly tapped their verified personal account on crypto exchange Kraken to send enough TRX tokens to cover transaction fees, according to Dyma Budorin, CEO of blockchain security audit firm Hacken.
The unsophisticated maneuvers imply that there may be some hope to reclaim the funds the hacker took.
“I think it’s only a matter of time before they’re discovered due to their use of various off-ramps, and at that point it will just be about recovering the funds,” Morel said.
Read more: FTX Hack or Inside Job? Blockchain Experts Examine Clues and a ‘Stupid Mistake’