Recently, the FTX hacker address has started to change again, which has attracted attention. Odaily found some interesting clues by checking the address on the hacker chain, and I would like to share with you:

1. After the hacker succeeded, he collected tokens from multiple addresses into the address 0x97f991971a37d4ca58064e6a98fc563f03a71e5c, which is a multi-signature smart contract address and requires authorization from multiple addresses to perform operations. This may imply that the hacker is a gang. Currently, there are 45.85 million tokens FTT in this address, worth 65.66 million US dollars, ranking second in holdings. In addition, there are a large number of other tokens in this address: 144 million BOBA, 52.93 million SRM, 9381 XAUt, 40.39 million GMT, 7.16 million TONCOIN, 3.16 million GT, etc., with a total value of 304 million US dollars.

2. The etherscan website has marked 11 addresses of the hacker. At present, nearly half of the addresses have been emptied of tokens, and only 5 addresses are left with an amount of more than 10,000 US dollars; among them, the address with the most funds is 0x59**d32b, which is about 27.89 million US dollars, the USDT in this address has been blacklisted by Tether and cannot be transferred, and the rest of the account assets are as follows:

3. The 0x59**d32b address is also one of the most frequently used addresses by hackers. As of November 19, this address has accumulated a total of 245,000 ETH, making it one of the top 30 Ethereum holding addresses. On November 20, the address sold 50,000 ETH, some of which were exchanged for renBTC, and then transferred to the encryption mixer ChipMixer for laundering.

image description

(Hackers launder coins through transactions)

5. On November 22, 180,000 ETHs were transferred from the 0x59**d32b address and distributed to 12 addresses, each with 15,000 ETHs. Currently, the 180,000 ETHs (valued at $234 million) have not been sold. The details of the addresses are as follows:

6. Hackers seem to have a unique interest in gold-backed tokens. According to Odaily statistics, hacker accounts have a total of 11,184 PAXG and 9,381 XAUt. Both PAXG and XAUt are ERC-20 stablecoins backed by physical gold. They belong to two companies, Paxos and Tether. Holders can use them to exchange 1:1 with physical gold. One token is equivalent to one ounce of physical gold , whose price is directly linked to the real-time gold price. However, at present, Paxos has frozen the PAXG token in the hacker's address, while Tether has only frozen the USDT in the hacker's account, and has not frozen XAUt.

7. Hackers also have a special liking for "financial management". When the addresses are continuously monitored by all parties, hackers still participate in the on-chain lending activities of Balancer V2, Aave V3, Klima DAO and other applications.