The tokens were quickly converted to ether, the second-largest cryptocurrency, a popular technique used by hackers to prevent their funds from being seized.
Tom Robinson, co-founder of Elliptic, clarified the numbers in an email late Saturday afternoon. He said that the group had tracked a total of $663 million that had moved from FTX. Of that, $477 million is suspected to have been stolen, with the remainder authorized by FTX itself. He said the numbers could fluctuate slightly as the group did more research.
Earlier Saturday afternoon, the chief security officer at another major exchange, Kraken, said that a verified account on its platform had been used in the breach.
“We know the identity of the user,” Kraken’s Nick Percoco tweeted. He said that a statement from FTX was expected soon.
Meanwhile, a prominent crypto investigator, known online as ZachXBT, said he had tracked two accounts that were moving funds — the hacker and one at FTX that tried to stem the damage.
“The attacker withdrew assets from FTX/FTX U.S. and began selling them for assets that can’t be frozen,” ZachXBT wrote in a message to The Washington Post. “It appears FTX employees then began to save the remaining assets.”
Some crypto entities were able to freeze the hacked assets, making them unusable, he added. Tether, the coin pegged to the U.S. dollar, was able to freeze about $31 million.
In his view, it remains unclear whether the attacker was a person with inside knowledge of FTX’s systems. (The blockchain — the digital ledger used in the analysis — does not offer personally identifying data.) Some experts have noted that when a company winds…