By Joe Tidy
Cyber correspondent
A thief who stole more than $470m (£383m) in cryptocurrency when FTX crashed is trying to cash it out while the exchange’s founder is on trial.
Sam Bankman-Fried’s high-profile court case began last week. The former crypto mogul denies fraud.
After lying dormant for nine months, experts say $20m of the stolen stash is being laundered into traditional money every day.
New analysis shows how the mystery thief is trying to hide their tracks.
FTX was once one of the biggest exchange platforms in the world allowing crypto investors to buy, trade and store digital currencies. It went bankrupt on 11 November 2022, with billions of dollars of customer funds missing.
Mr Bankman-Fried is pleading not guilty to misusing customer funds and money laundering while bankruptcy lawyers are trying to locate the missing billions.
On the day FTX collapsed, hundreds of millions of dollars of cryptocurrency controlled by the exchange were stolen by an unidentified thief that is believed to still have control of the funds.
No one knows how the thief – or thieves – was able to get digital keys to FTX crypto wallets, but it is thought it was either an insider or a hacker who was able to steal the information.
The criminal moved 9,500 Ethereum coins, then worth $15.5m, from a wallet belonging to FTX, to a new wallet.
Over the next few hours, hundreds of other cryptoassets were taken from the company’s wallets, in transactions eventually totalling $477m.
According to researchers from Elliptic, a cryptocurrency investigation firm, the thief lost more than $100m in the weeks following the hack as some was frozen or lost in processing fees as they frantically moved the funds around to evade capture.
But by December around $70m was successfully sent to a cryptocurrency mixer – a criminal service used to launder Bitcoin, making it difficult to trace.
Without using a mixing service to hide the illicit origins of their Bitcoin, criminals risk being caught or having their funds seized by cryptocurrency exchanges.
Such exchanges allow people to exchange coins like Bitcoin and Ethereum for traditional cash.
Although mixers make it difficult to trace Bitcoin, Elliptic was able to follow a small amount of the funds – $4m – that was sent to an exchange.
The rest of the stolen FTX stash – around $230m – remained untouched until 30 September – the weekend before Mr Bankman-Fried’s trial began.
Nearly every day since then chunks worth millions have been sent to a mixer for laundering and then presumably cashing out.
Elliptic has been able to trace $54m of Bitcoin being sent to the Sinbad mixer after which the trail has gone cold for now.
Experts say the activity is strange and goes against the norm for cryptocurrency hackers and thieves.
“Crypto launderers have been known to wait for years to move and cash out assets once public attention has dissipated, but in this case they have begun to move just as the world’s attention is once again directed towards FTX and the events of November 2022,” said Tom Robinson, Elliptic’s co-founder.
Another finding from tracing the funds points to a potential link to Russian cyber-crime.
Some of the stolen Bitcoin successfully laundered last year has been traced to a wallet known to be used by Russian-linked criminal groups. Elliptic says this could point to the involvement of a broker or other intermediary with a link to Russia.
Panorama explores the breakneck rise and sensational fall of Sam Bankman-Fried, the maths genius who set out to transform the world of crypto but ended up being its biggest loser.
Watch on BBC iPlayer now and on BBC1 at 20:00, Monday 25 September (UK only)