Ronin hackers have moved the stolen $625 million to Bitcoin Network: Report
Ronin hackers have transferred the stolen assets from Ethereum to the Bitcoin network, according to new findings from blockchain researcher and developer ₿liteZero.
Recall that after the Ronin bridge hack in March, the attackers moved $625 million worth of USDC and ETH to the Ethereum-based crypto mixer Tornado Cash, making it difficult for authorities to track the movement of the funds. But Tornado was not the end as the hackers took further steps to hide the transactions.
Follow the money
₿liteZero said he has traced the stolen funds and noticed that the attackers had transferred all the assets to the Bitcoin protocol using a network bridge and several crypto exchanges.
I have traced the stolen funds to Ronin Bridge.
I have noticed that Ronin hackers have transferred all their money to the bitcoin network. Most of the funds have been invested in mixers (ChipMixer, Blender).This thread🧵 will illustrate the procedures for tracking analysis.👇🏻 pic.twitter.com/yrazcJ22xF
— ₿liteZero (@blitezero) 20 August 2022
Using centralized exchanges
The blockchain investigator found that after the hackers withdrew the funds from Tornado Cash, they sent around 6,250 ETH ($20.7 million) to centralized exchanges (CEX) such as Binance, Huobi and FTX before sending the funds to North Korean crypto mixer Blender.
In May, the US Treasury Department sanctioned Blender addresses, noting that the crypto mixer helped the Ronin hackers process over $20.5 million of the stolen funds.
Interestingly, ₿liteZero stated that most of the sanctioned Blender addresses were used by Ronin hackers to receive funds after withdrawing from CEXs. After the money, the investigator noted that the total funds withdrawn from the exchanges amounted to $20.72 million, according to the US Treasury Department’s indictment.
Hackers linked stolen funds to the Bitcoin Network
The hackers converted the rest of the assets into pureBTC using 1inch or Uniswap. renBTC is wrapped bitcoin on the Ethereum network powered by the Ren Protocol. Since Ren enables the movement of value between blockchains, the hackers were able to bridge the assets from Ethereum to the Bitcoin network.
Afterwards, the hackers sent most of the funds to cryptomixers such as ChipMixer and Blender. They transferred the funds to ChipMixer before withdrawing some to Blender.
Concluding the Twitter thread, ₿liteZero said that they are currently working on analyzing the hackers, although they believe it will be more complex.
I am working on analyzing Ronin hackers and the next work will be more complex.
“Where’s the money?”
It’s a mystery to be investigated and I look forward to more progress.
Thanks for taking the time to read my thread, good luck!— ₿liteZero (@blitezero) 20 August 2022
Binance Free $100 (Exclusive): Use this link to sign up and receive $100 free and 10% off Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to sign up and enter code POTATO50 to receive up to $7,000 on your deposits.
