FTX attacker turns to ChipMixer to launder tokens
The FTX attacker turned to ChipMixer to launder funds and already washed around 360 Bitcoin (BTC), according to on-chain sleuth ZachXBT.
Update: FTX attacker has started using ChipMixer to launder the funds (so far ~360 BTC) https://t.co/xuiCaajnh8 https://t.co/qsSJs8d8OV
— ZachXBT (@zachxbt) November 25, 2022
Earlier attacks
The FTX drainer has been active since Nov. 12. In addition to significant hits that caught the community’s attention, the attacker has constantly been moving tokens between 8:00 and 10:00 UTC.
The attack was first noticed when FTX and FTX U.S. started experiencing $450 million worth of withdrawals. The stolen funds were first sold for tokens, including Ethereum (ETH) and Binance USD (BNB), before getting consolidated in one main wallet.
On Nov. 17, it was noticed that the attacker drained another 30,000 BNB tokens, which was worth around $7.95 million at the time. Another big hit came on Nov. 21, when the attacker moved 180,000 ETH in 12 separate transactions.
ChipMixer
According to data from Aug. 2022, ChipMixer facilitated the laundering of 48.9% of funds on the Bitcoin network, while Tornado Cash helped with 74.6%. Roughly 26,021 Bitcoins were sent to ChipMixer, and 14,370 Bitcoins were withdrawn from the protocol during the first six months of the year.
According to crypto influencer FatManTerra, ChipMixer is deployed by the U.S. government and is “a United States government honeypot.”
? Today, I’m sharing my long-standing theory behind a US government covert operation designed to partially crack Bitcoin privacy and deanonymize transactions. I believe that popular Bitcoin mixer ChipMixer is actually a United States government honeypot. Here’s why.
— FatMan (@FatManTerra) November 23, 2022
According to FatManTerra, ChipMixer was released in 2017 with ample reserves and an unusual “pay what you want” model and quickly rose to prominence. It spent large amounts on bounties and ads while having zero revenue.
In his 19-Tweets-long thread, FatManTerra explained why he is “absolutely sure” that ChipMixer is a honeypot and said he had his eye on other protocols that could also be honeypots. He states:
“After looking at ChipMixer’s history, it’s clear to me that they are being bankrolled by an extremely wealthy entity who doesn’t care about profitability and has a lot of money to burn on making the service popular — millions spent, but revenue coming solely from small donations.”
»