The beleaguered crypto exchange FTX suffered a $400 million hack over the weekend, and at least one blockchain expert says the clues are point to a high-level insider who committed an amateur misstep that might have inadvertently revealed their identity.
The attacker appears to have “had access to all the cold wallet storages which he exploited,” Dyma Budorin, co-founder and chief executive of blockchain security auditing firm Hacken, said Monday in an interview with CoinDesk TV.
Hacken investigated blockchain transactions and found that the looter tried to send tether (USDT) stablecoin on the Tron blockchain multiple times unsuccessfully because they didn’t have enough TRX, the Tron network’s native token, in the wallet to pay for transaction fees. So the looter used their verified personal account on crypto exchange Kraken to send 500 TRX to the compromised wallet address to cover the transaction.
“He made a stupid mistake,” Budorin said.
Because of Kraken’s “know-your-customer” or KYC measures – part of the anti-money-laundering compliance requirements – and verification process, the exchange had information on who owns the personal wallet the TRX was sent from, revealing the identity behind the exploit.
Hacken immediately contacted Kraken’s security team about the transaction, Budorin said.
“We know the identity of the user,” Nick Percoco, chief security officer of crypto exchange Kraken, said in a tweet Saturday. Percoco added he was told that FTX or the exchange’s founder and former chief executive, Sam Bankman-Fried, will release an official statement.
Budorin said that the exploit demonstrated that the way FTX managed its cold wallets was “very poor.”
Read more: ‘FTX Has Been Hacked’: Crypto Disaster Worsens as Exchange Sees Mysterious Outflows Exceeding $600M
New details about the exploit led to speculation on crypto Twitter that possibly FTX owner Sam Bankman-Fried or someone in his close circle could have been behind the…
