Tracking 15,000 ETH In $600 Million FTX Wallet Attack Using Privacy Tools And Bridges


A tranche of 2,500 ETH (equivalent to $4 million) associated with the $600 million attack on FTX’s wallets has been on the move. The funds have been traced to several destinations, including the Thorchain bridge, the Railgun privacy wallet, and intermediary addresses. The remaining funds from the attack have also been transferred, with a significant portion landing at the Thorchain router and a contract labeled “Metamask: Swap Router.” These movements have sparked curiosity and deepened the mystery surrounding the collapse of FTX last year.


FTX, a prominent cryptocurrency exchange, experienced a devastating attack that resulted in the theft of a substantial amount of funds. The attack left the company and its users reeling, with a loss of $600 million worth of assets. Since then, efforts have been underway to trace the movements of the stolen funds and identify the perpetrators behind the attack.

New Developments

Recent developments in the investigation have shed light on the movement of the stolen funds. A tranche of 2,500 ETH, equivalent to $4 million, has been observed moving through various channels. These movements have taken place through privacy tools and bridges, making it harder to track the exact path of the funds. The destinations that these funds have been traced to include the Thorchain bridge, Railgun privacy wallet, and several intermediary addresses.

Tranche of 2,500 ETH Movements

Movement of Funds

The movement of the 2,500 ETH tranche is a significant development in the investigation. These funds, previously associated with the FTX attack, have reemerged in circulation. The movement of these funds suggests that efforts are being made to liquidate or further hide the stolen assets.


As the tranche of 2,500 ETH made its way through the cryptocurrency ecosystem, it was identified at various destinations. The Thorchain bridge, known for its decentralized cross-chain token swaps, has been one of the destinations. This suggests that the perpetrators behind the FTX attack attempted to move the funds across different blockchains to obfuscate their traces. Additionally, the Railgun privacy wallet, designed to enhance transaction privacy, was also implicated as a destination for these funds. Furthermore, the use of intermediary addresses indicates a deliberate attempt to complicate the tracking process.

Thorchain Bridge

The Thorchain bridge, a decentralized protocol facilitating cross-chain asset transfers, has emerged as a significant factor in the movement of the stolen funds. By utilizing the Thorchain bridge, the perpetrators were able to move the funds across different blockchains, making it more challenging to trace and recover the stolen assets. The involvement of the Thorchain bridge raises questions about the security of decentralized protocols and their susceptibility to exploitation by malicious actors.

Railgun Privacy Wallet

Another destination for the tranche of 2,500 ETH was the Railgun privacy wallet. Designed to enhance the privacy of transactions, the Railgun wallet offers users the ability to anonymize their transactions. The use of such privacy tools by the perpetrators behind the FTX attack further complicates the investigation, as it becomes harder to identify the exact flow of the stolen funds.

Intermediary Addresses

The tranche was also observed moving through intermediary addresses. These addresses act as a middle ground, relaying funds between different wallets and platforms. Routing the funds through them creates a diversion and adds another layer of complexity to the investigation.
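The tracing problem described in the sections above (a tranche leaving one wallet, passing through intermediary addresses, and ending at labelled services) can be sketched as proportional taint propagation. This is an added example, not part of the original article or any investigator's tooling; every address and amount is a constructed placeholder, and the proportional ("haircut") model is an assumed heuristic, one of several used in blockchain analysis.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data: placeholder addresses and amounts, not incident values.
SOURCE = "0xSOURCE_PLACEHOLDER"
LABELS = {  # address -> label, as an analyst's tag list would supply
    "0xBRIDGE_PLACEHOLDER": "Thorchain bridge",
    "0xPRIVACY_PLACEHOLDER": "Railgun privacy wallet",
}
TRANSFERS = [  # (sender, receiver, ETH), in chronological order
    (SOURCE, "0xHOP_A", 1500),
    (SOURCE, "0xHOP_B", 1000),
    ("0xUNRELATED", "0xHOP_B", 1000),  # clean funds co-mingled at a hop
    ("0xHOP_A", "0xBRIDGE_PLACEHOLDER", 1500),
    ("0xHOP_B", "0xHOP_C", 1000),
    ("0xHOP_C", "0xPRIVACY_PLACEHOLDER", 1000),
    ("0xHOP_B", "0xBRIDGE_PLACEHOLDER", 500),
]
SEEDS = {SOURCE: (2500, 2500), "0xUNRELATED": (1000, 0)}  # (balance, tainted)

def trace(transfers, seeds, labels):
    """Proportional taint tracing over an ordered transfer list.

    Returns (tainted ETH per labelled destination,
             tainted ETH still sitting at unlabelled addresses).
    """
    balance, tainted = defaultdict(Fraction), defaultdict(Fraction)
    for addr, (bal, bad) in seeds.items():
        balance[addr], tainted[addr] = Fraction(bal), Fraction(bad)
    arrived = defaultdict(Fraction)
    for src, dst, amount in transfers:
        amount = Fraction(amount)
        if amount <= 0 or balance[src] < amount:
            raise ValueError(f"transfer {src}->{dst} exceeds known balance")
        moved = tainted[src] * amount / balance[src]  # tainted share of this transfer
        balance[src] -= amount
        tainted[src] -= moved
        if dst in labels:
            arrived[labels[dst]] += moved  # visible trail ends at a labelled service
        else:
            balance[dst] += amount
            tainted[dst] += moved
    pending = {a: t for a, t in tainted.items() if t > 0}
    return dict(arrived), pending

ARRIVED, PENDING = trace(TRANSFERS, SEEDS, LABELS)
for label, eth in ARRIVED.items():
    print(f"{label}: {eth} tainted ETH")
print("still at intermediaries:", {a: str(t) for a, t in PENDING.items()})
```

The co-mingled deposit at `0xHOP_B` shows why intermediary hops complicate attribution: after it, only half of each outgoing transfer from that address is counted as tainted.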

Movement of the Remaining Funds

Transfer of Funds

In addition to the tranche of 2,500 ETH, the movement of the remaining stolen funds has also been detected. These funds, comprising a significant portion of the $600 million worth of assets stolen from FTX, have been on the move as well. The transfer of these remaining funds suggests ongoing efforts by the perpetrators to further obfuscate the origin and destination of the stolen assets.


As the remaining funds from the FTX attack were traced, two notable destinations came to light. The Thorchain router, similar to the Thorchain bridge, allows for cross-chain asset transfers but operates within a specific ecosystem. The presence of the stolen funds at the Thorchain router indicates a continued effort to move the assets through different blockchain networks.

Another destination identified in the movement of the remaining funds was a contract labeled “Metamask: Swap Router.” Metamask, a popular digital wallet that interacts with decentralized applications, appears to have been utilized by the perpetrators for swapping the stolen assets. The use of Metamask, known for its user-friendly interface and broad adoption, enabled the perpetrators to mask their activities within the decentralized finance ecosystem.

Unidentified Hacker(s) and Investigation

Unknown Identity

Despite the extensive investigation conducted thus far, the identity of the hacker or hackers behind the FTX attack remains unknown. The anonymity provided by the nature of cryptocurrencies and the utilization of privacy tools have made it challenging for authorities to unmask the culprits responsible for the attack. This lack of identity adds another layer of complexity to the investigation and raises concerns regarding the ability to bring the perpetrators to justice.

Investigation Updates

Efforts to uncover the truth behind the FTX attack have been ongoing since the incident occurred. The investigation has seen advancements, such as tracing the movement of the stolen funds and identifying potential destinations. However, despite these developments, the complexity of the case continues to challenge investigators. The need for collaboration between law enforcement agencies, cybersecurity experts, and blockchain analysts remains crucial in order to make further progress in the investigation.

FTX Founder’s Trial

The upcoming trial of FTX founder and former CEO, Sam Bankman-Fried, adds a new dimension to the investigation. Bankman-Fried has been charged with wire fraud and conspiracy to commit fraud, further implicating him in the collapse of FTX. The trial will provide an opportunity to gather additional evidence and potentially shed light on the involvement of key individuals in the attack.

Charges against Sam Bankman-Fried

The charges against Bankman-Fried are serious and reflect the severity of the FTX attack and its consequences. Wire fraud and conspiracy to commit fraud are federal offenses that carry significant penalties upon conviction. The outcome of the trial will have implications not only for Bankman-Fried but also for the broader cryptocurrency community, as it sets a precedent for holding individuals accountable for security breaches and fraudulent activities within the industry.

Mystery Surrounding FTX’s Collapse

Context of Collapse

The collapse of FTX last year sent shockwaves throughout the cryptocurrency industry. As one of the leading exchanges, FTX’s demise highlighted the vulnerability and risks associated with digital asset platforms. The attack, coupled with the subsequent movement of the stolen funds, has created a cloud of mystery surrounding the events leading to FTX’s collapse. Understanding the context in which the attack occurred is crucial in unraveling the full extent of the incident.

Impact of Fund Movements

The movement of the stolen funds deepens the mystery surrounding FTX’s collapse. The fact that a significant portion of the funds has been transferred to different destinations raises questions about the intentions of the perpetrators. Were they looking to liquidate the stolen assets or was their motive something else entirely? Additionally, the use of privacy tools, bridges, and intermediary addresses showcases a sophisticated level of planning and execution by the attackers, further complicating efforts to trace the funds.

As the investigation into the FTX attack and movement of funds continues, it is imperative for stakeholders within the cryptocurrency industry to collaborate and strengthen security measures. This incident serves as a stark reminder of the importance of robust cybersecurity protocols and the need for constant vigilance to thwart potential attacks. Only through collective efforts and enhanced security practices can the industry minimize the risks associated with such high-profile breaches and protect the interests of users and investors alike.