Blockchain intelligence company Elliptic has linked FTX’s $400 million hack to Russian hackers, citing the unsophisticated method of laundering employed by the attacker.

Per Elliptic’s report, the attacker was converting the stolen funds to Bitcoin using Renbridge, a service owned by the bankrupt exchange sister company, Alameda Research. Consequently, the attacker used ChipMixer and other crypto-mixing services to cover their tracks.

This laundering method is “distinct and unsophisticated compared to those typically used by North Korea-backed Lazarus Group,” Elliptic said.

“A Russia-linked actor seems a stronger possibility. Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges.”

FTX suffered a $415 million crypto hack in November last year after the company filed for bankruptcy. The attacker recently moved part of the stolen funds amid Sam Bankman-Fried’s ongoing trial in New York.

The hack may also be an insider job

Elliptic further noted that an insider might have carried out or assisted in the exploit.

According to the firm, some FTX employees might have capitalized on the chaos surrounding the company’s bankruptcy to move some of the company’s crypto assets.

Elliptic furthered that another suspect might be the disgraced founder of the exchange, SBF. However, the firm noted that SBF’s limited access to the internet would hamper any laundering efforts, citing one instance where the attacker moved funds while he was in court.

The report also highlighted that the exchange’s weak security structure could have made it an easy target for external actors. The exchange’s new CEO, John Ray III, revealed that the company’s crypto assets’ private keys were not securely stored, and a former Alameda employee also reported how the company lost millions to leaked private keys.