On-chain investigator ZachXBT took to Twitter to correct “tons of misinformation” about the event and possible culprits.

On-chain researcher ZachXBT shared his findings on what he sees as the three most common misconceptions about the FTX hack, taking to Twitter to correct a “ton of misinformation” about the event and potential culprits.

In a lengthy November 20 post on Twitter, the self-proclaimed “chain detective” debunked speculation that Bahamian officials were behind the FTX attack, that the exchanges knew the hacker’s true identity, and that the culprit was trading memecoins.

Bahamian Officials behind the FTX Hack?

The hack of nearly half a billion dollars in cryptocurrency from bankrupt FTX last weekend was actually a government asset seizure, acknowledged by The Securities Commission of the Bahamas.

“The Securities Commission of the Bahamas, in the exercise of its powers as regulator acting under the authority of an order made by the Supreme Court of the Bahamas, took the action of directing the transfer of all the digital assets of FTX Digital Markets Ltd. to a digital wallet controlled by the commission, for safekeeping,” the agency said in a statement.

However, ZachXBT argued that the wallet address “0x59” associated with the hacker was a blackhat address and was not affiliated with either the FTX team or SCB because it “began selling tokens for ETH, DAI, and BNB and using a variety of bridges so crypto couldn’t be frozen on 11/12.”

Zach also notes that the blackhat wallet has had contact with another wallet, 0x24, which he suggests “has very suspicious behavior on-chain using sketchy services.”

Blockchain analytics firm Chainalysis reached a similar conclusion on November 20, noting that, “Reports that the stolen FTX funds were actually sent to the Bahamas Securities and Exchange Commission are incorrect. Some funds were stolen and other funds were sent to regulators.”

Do Exchanges Know who the Hacker is?

ZachXBT highlighted potential misinformation surrounding the claim that “Kraken or other exchanges” had discovered the hacker’s identity.

Zach says that the user identified as the hacker was likely just the FTX group securing assets in a multi-signature wallet on Tron, using Kraken because the active FTX wallet had no transaction fuel for it. He further states that the withdrawals “also matched what Ryne Miller (FTX GC) had said at the time. This took place hours after the initial 0x59 withdrawals.”

FTX Hacker Presumably Trading Memecoins?

As a last point, ZachXBT took aim at the rumor that hacker FTX is trading memecoins, which was first noted by Blockchain analytics firm CertiK.

Instead, the Blockchain detective claims that, in fact, “it is someone spoofing transfers to make it look they are,” citing a March blog by Etherscan community member Harith Kamarul, who explains how transactions can be forged.

ZachXBT concludes by advising users to “triple check who you get your info from,” and claiming that. “many people are using the FTX event to appear knowledgeable for engagement, when in fact they have zero clue what is going on.”

By Audy Castaneda


Please enter your comment!
Please enter your name here