Ronin hackers transferred stolen funds from ETH to BTC and used sanctioned mixers

The hackers behind the $625 million Ronin Bridge attack in March have since moved most of their funds from ETH to BTC using renBTC and the bitcoin privacy tools Blender and Chipmixer.

The hackers' activity has been tracked by EliteZero, an on-chain investigator who works for SlowMist and contributed to the company's 2022 Mid-Year Blockchain Security Report. He outlined the route taken by the stolen money since the March 23 attack.

Most of the stolen funds were originally converted into ETH and sent to the now-sanctioned Ethereum crypto mixer Tornado Cash before being bridged over to the Bitcoin network and converted to BTC via the Ren protocol.

According to the report, the hackers, believed to be the Lazarus Group, a North Korean cybercrime organization, initially moved a portion of the funds (6,249 ETH) to centralized exchanges, including Huobi (5,028 ETH) and FTX (1,219 ETH). . 28.

At the centralized exchanges, it appears that the 6,249 ETH was converted into BTC. The hackers then transferred 439 BTC ($20.5 million) to the bitcoin privacy tool Blender, which was also sanctioned by the US Treasury on May 6. The analyst wrote:

“I got the reply in Blender Acceptance Addresses. Most of Blender Acceptance Addresses are Blender Deposit Addresses used by Ronin Hackers. They have deposited all their withdrawal amount in Blender after withdrawing from exchange.”

However, most of the stolen funds (175,000 ETH) were transferred to Tornado Cash in increments between April 4 and May 19.

The hackers later used the decentralized exchanges Uniswap and 1inch to convert approximately 113,000 ETH into renBTC (a wrapped version of BTC), used Ren's decentralized cross-chain bridge to transfer the assets from Ethereum to the Bitcoin network, and then converted the renBTC to BTC.

From there, approximately 6,631 BTC were distributed across various centralized exchanges and decentralized protocols:

Platforms the hackers used to transfer BTC. Source: SlowMist.

The report also stated that the Ronin hackers withdrew 2,871 BTC (out of 3,460 BTC) ($61.6 million as of August 22) via the bitcoin privacy tool Chipmixer.

BTC balance on each platform after the hackers withdrew funds. Source: SlowMist.

EliteZero ended the Twitter thread by saying that the Ronin hack remains a “mystery to investigate” and that more progress remains to be made.