According to Bloomberg, the probe was sponsored by the DOJ’s National Cryptocurrency Enforcement unit, a team of federal prosecutors overseeing the crypto industry in collaboration with the Manhattan federal prosecutors in charge of the sweeping criminal investigation.

Unrecognised Movement of Funds

Recall that on November 12, Crypto Saving Expert reported that FTX was allegedly hacked, with cybercriminals stealing $372 million from the platform less than 24 hours after SBF officially filed for Chapter 11 bankruptcy protection.

According to the report, the hackers targeted FTX and its American subsidiary FTX US. The two companies experienced a massive outflow of funds from their cold wallets.

On the same day, popular Twitter user sleuth ZachXBT disclosed that many FTX employees did not recognise the transfers from the firms’ wallets. The assets were estimated to be worth $383 million.

Shortly after the alleged hack, the company’s General Counsel, Ryne Miller, disclosed on Twitter that FTX was investigating abnormalities regarding the wallet movements. However, the company’s official Twitter account remained silent throughout the period.

Footprints on the Blockchain

U.S. authorities have now taken over the matter and are investigating the actual cause of the suspected hack. According to Bloomberg, the DOJ has already confiscated part of the stolen digital assets.

“The amount siphoned from FTX by the unknown actor was about $372 million, according to bankruptcy filings. Authorities managed to freeze funds on certain platforms because those outlets cooperated with law enforcement, the person confirmed. That is not always the case, especially with offshore exchanges,” reads the report.

While it is unclear whether the hack was an insider’s job, blockchain experts believe that the hackers had access to all the exploited cold wallets.

According to the report, Dyma Budorin, CEO of blockchain security auditing firm Hacken, found that the attackers left traces on the blockchain when they attempted to send USDT stablecoin to a designated address on the Tron network.

After several unsuccessful attempts to move the funds to the protocol due to the unavailability of TRX, Tron’s native token, the hackers then used their personal verified account on the crypto exchange Kraken to send out the funds, leaving their identity exposed.

(By William A. Frederick)