FTX Exploiter Converts Millions in Ether to Alameda-Linked Ren Bitcoin Tokens

Whoever was behind the $600 million exploit of crypto exchange FTX started exchanging millions of dollars worth of ether to ren bitcoin (renBTC), a token that represents bitcoin on other blockchains, early on Sunday.

Funds stolen from FTX were steadily converted to ether over the past week, making the exploiter one of the largest holders of the token, as CoinDesk previously reported.

The use of renBTC may surprise some in the crypto space: In 2021, Alameda Research – the Sam Bankman-Fried-owned trading arm at the center of a multibillion-dollar scandal – said ren’s development team was “joining” Alameda and would work on expanding ren’s usage to several blockchains.

At 07:27 UTC Sunday, the hacker moved over 5,000 ether to a new wallet, blockchain data shows. An additional 35,000 ether was then moved to that wallet over three separate transactions.

On-chain analysis of the new wallet shows the exploiter subsequently started to convert ether to renBTC using the decentralized exchange aggregator 1inch. The first of such transactions had 4,000 ether being converted to wrapped bitcoin (wBTC), another bitcoin representative token, and then to renBTC.

The exploiter continued to convert ether to renBTC over several transactions, blockchain data shows.

Data cited by security firm PeckShield shows the exploiter used the Ren bridge to transfer out thousands of renBTC. Bridges are blockchain-based tools that allow users to exchange tokens between different networks.

As per a study by blockchain analysis firm Elliptic, the Ren bridge has been previously used to launder stolen funds to the tune of at least $540 million – as it may provide privacy to users, per the Elliptic report.

UPDATE (Nov. 12, 2022, 14:03 UTC): Clarifies the possible usage of Ren for laundering money.