Meanwhile, Ethereum users are sending encoded messages to the FTX hacker pleading for a share of funds.
The hacker behind the theft of more than $447 million of crypto from the crypto exchange FTX has been again spotted moving their ill-gotten funds.
According to Etherscan data, between 4:11 to 4:17 pm UTC on November 21, the attacker moved a total of 180,000 Ether (ETH) across 12 newly created wallets — each receiving 15,000 ETH. The total amount moved totaled $199.3 million at current prices.
Recent transactions from wallet labeled “FTX Accounts Drainer” — Source: Etherscan
At the time of publication, the ETH has not moved from any of the 12 wallets.
Some in the crypto community suggest the attacker may be planning to subdivide it into smaller and smaller amounts in order to confuse investigators, a process known as “peel chaining,” or they may be planning to use a mixing service at some point to obscure which coins are theirs.
Meanwhile, some Ethereum users appear to have sent coded messages to the hacker asking for a share of the loot.
One user registered the Ethereum Name Service (ENS) domain name, “ftx-rekt200k-pls-help.eth” to express that they have lost money from the FTX collapse and to ask for a reimbursement from the hacker.
They sent 21 transactions of 0.000001 Ether to the hacker’s address in an attempt to get noticed.
Another user was even more creative. They registered the ENS domain, “pleasecheckutf8data.eth” and sent 12 transactions of 0.0001 ETH or less to the hacker’s wallet address.
An encoded message asking the FTX Accounts Drainer for a share of funds. Source: Etherscan
Inside each transaction was a UTF8 encoded message that said “Please send me 100k~, I have medical bills to pay and visit the USA this coming December. I can’t walk properly, and have aggressive muscle issues. Please help! I lost most of my money on FTX.”
The message also contained a link to an Imgur post which the user claimed was proof of their medical appointment.
The hack occurred on Nov. 11, the same day that FTX filed for chapter 11 bankruptcy protection.
On November 20, the attacker transferred 50,000 ETH to a separate wallet and then converted it to Bitcoin using two separate renBTC bridges.
As of today, the hacker is the 40th largest holder of ETH.