Transfer spoofing evident in FTX Exploiter wallet meme tokens transfers

Please fol­low and like us:
Pin Share

On Nov. 20, on-chain detec­tive ZachXBT set out a Twit­ter thread to debunk the three most com­mon­ly mis­un­der­stood issues sur­round­ing the FTX case.

The three areas ZachXBT set out to cov­er were:

  • Bahami­an offi­cials being behind the FTX hack
  • Exchang­ing know­ing the iden­ti­ty of the hacker
  • The FTX hack­er trad­ing meme coins.

ZachXBT began by alleg­ing that the ‘0x59’ wal­let was a black­hat address and not affil­i­at­ed with either the FTX team or Bahami­an officials.

The hack­er used very high slip­page in trades when sell­ing tokens for Ethereum (ETH), DAI, and BNB and was then bridged to avoid the assets being frozen on Nov. 12. This spo­radic behav­ior was not­ed to be “very dif­fer­ent” from oth­er address­es that with­drew from FTX by ZachXBT.

ZachXBT point­ed out sus­pi­cious on-chain move­ment fol­low­ing a trans­ac­tion of 3168 BNB from 0x59 to 0x24, then to Huo­bi – 0x24, hav­ing used poten­tial­ly inse­cure ser­vices like Laslobit.

ZachXBT explained that this behav­ior was whol­ly dif­fer­ent from the infor­ma­tion pro­vid­ed regard­ing the Debtors mov­ing assets to cold stor­age or the Bahami­an gov­ern­ment mov­ing assets to the dig­i­tal asset cus­tody plat­form, Fireblocks.

Next, ZachXBT high­light­ed poten­tial mis­in­for­ma­tion sur­round­ing exchanges being aware of the hacker’s identity.

In response to the “we know the iden­ti­ty of the user” claim from Kraken’s team mem­ber, Nick Per­co­co, ZachXBT explained that it was like­ly the “FTX recov­ery side and not the attack­er.” Addi­tion­al­ly, ZachXBT assert­ed in his thread that it was the FTX group secur­ing assets to a mul­ti-sig­na­ture wal­let on Tron — using Krak­en due to the FTX hot wal­let being out of gas for transactions.

Last­ly, cov­er­ing the third most com­mon spread of mis­un­der­stand­ing, Zach addressed the rumors sur­round­ing the FTX hack­er trad­ing meme coins.

Zach explained that the trans­fers were being spoofed to make it seem like the FTX hack­er wal­let was trad­ing meme coins. Cryp­toSlate reviewed the on-chain data and can con­firm that the trans­ac­tions appear to come from an alter­nate address which was fund­ed through 1inch on Nov.11.

The alter­nate address appears to have per­mis­sion to mint tokens such as WHATHAPPENED thus con­firm­ing the ori­gin of the token. To bet­ter under­stand how trans­ac­tions can be spoofed on the Ethereum net­work, a Medi­um arti­cle by Ether­scan com­mu­ni­ty mem­ber, Harith Kamarul, explains the issue.

Cryp­toSlate report­ed the move­ment of new­ly cre­at­ed ‘meme’ tokens from the FTX Exploiter account on Nov. 11 with a focus on the trans­fer of tokens to Uniswap and the poten­tial for a pump-and-dump scam. The arti­cle has been updat­ed to include the trans­ac­tion spoof­ing infor­ma­tion for clarity.

 



Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published.