Ronin hackers transferred stolen funds from ETH to BTC and used sanctioned mixers

The hackers behind the $625 million Ronin bridge attack in March have since transferred much of their funds from ETH into BTC using renBTC and Bitcoin privacy tools Blender and ChipMixer.

The hackers’ activity continues to be tracked by on-chain investigator ‘₿liteZero’, who works for SlowMist and contributed to the company’s 2022 Mid-Year Blockchain Security report. They outlined the transaction path of the stolen funds since the March 23 attack.

Much of the stolen funds was initially converted into ETH and sent to the now-sanctioned Ethereum crypto mixer Tornado Cash before being bridged to the Bitcoin network and converted into BTC through the Ren protocol.

According to the report, the hackers, who are thought to be North Korean cybercrime organization Lazarus Group, initially transferred just part of the funds (6,249 ETH) to centralized exchanges including Huobi (5,028 ETH) and FTX (1,219 ETH) on March 28.

At the centralized exchanges, the 6,249 ETH appeared to have been converted into BTC. The hackers then transferred 439 BTC ($20.5 million) to Bitcoin privacy tool Blender, which was also sanctioned by the U.S. Treasury on May 6. The analyst wrote:

“I’ve found the solution in Blender sanction addresses. Most Blender sanction addresses are Blender’s deposit addresses utilized by Ronin hackers. They’ve deposited all of their withdrawal funds to Blender after withdrawing from the exchanges.”

However, the overwhelming majority of stolen funds — 175,000 ETH — was transferred to Tornado Cash incrementally between April 4 and May 19.

The hackers subsequently used decentralized exchanges Uniswap and 1inch to convert around 113,000 ETH to renBTC (a wrapped form of BTC), and used Ren’s decentralized cross-chain bridge to transfer the assets from Ethereum to the Bitcoin network and unwrap the renBTC into BTC.

After that, roughly 6,631 BTC was sent to a number of centralized exchanges and decentralized protocols:

Platforms the hackers used to transfer BTC to. Source: SlowMist.

The report also mentioned that the Ronin hackers withdrew 2,871 BTC (of the 3,460 BTC) ($61.6 million as of Aug. 22) via Bitcoin privacy tool ChipMixer.

BTC balance on platforms after the hackers withdrew funds. Source: SlowMist.

₿liteZero concluded the Twitter thread by stating that the Ronin hack remains a “mystery to be investigated” and that more progress will be made.
