Ronin Bridge Hack: $625 Million in Stolen Crypto Funds Now on the Bitcoin Network
According to the latest report by blockchain developer and researcher BliteZero, the Ronin hackers have transferred the stolen assets from the Ethereum network to the Bitcoin network.
After the Ronin bridge incident in March, hackers moved $625 million worth of USDC and ETH to the Ethereum-based crypto mixer Tornado Cash. This made it challenging for law enforcement to trace the flow of funds. After Tornado Cash, the hackers are still trying to hide the transactions.
I have traced the stolen funds to Ronin Bridge.
I have noticed that Ronin hackers have transferred all their money to the bitcoin network. Most of the funds have been invested in mixers (ChipMixer, Blender). This thread🧵 will illustrate the procedures for tracking analysis.👇🏻 pic.twitter.com/yrazcJ22xF
— ₿liteZero (@blitezero) 20 August 2022
The on-chain investigator, a contributor to SlowMist’s 2022 Mid-Year Blockchain Security Report, has long followed the hackers’ behavior. In fact, since the March 23 incident, SlowMist has been at the forefront of tracking the transactions made with the stolen money.
So what happened to the money?
The report claimed that on March 28, the hackers – believed to be members of the North Korean cybercrime group Lazarus Group – transferred only a small fraction of the funds (6,249 ETH) to centralized exchanges. These include Huobi (5,028 ETH) and FTX (1,219 ETH).
The 6,249 ETH appears to have been converted to BTC on the centralized exchanges. In the following phase, the hackers sent 439 BTC ($20.5 million) to Blender, the Bitcoin privacy tool sanctioned on May 6. The researcher noted,
“I have found the answer in Blender sanction addresses. Most Blender sanction addresses are Blender deposit addresses used by Ronin hackers. They have deposited all the withdrawal funds into Blender after withdrawing from the exchanges.”
In other words, BliteZero claimed that the majority of the sanctioned Blender addresses were deposit addresses the Ronin hackers used after making withdrawals from CEXs. The investigator added that the total amount withdrawn from the exchanges was $20.72 million, in line with the US Treasury Department’s claim.
Stolen funds on the Bitcoin network
Using 1inch or Uniswap, the hackers swapped the remaining assets for renBTC. renBTC, powered by Ren Protocol, is wrapped Bitcoin running on the Ethereum network. Ren’s ability to transport value between blockchains allowed the hackers to bridge the Ethereum assets to the Bitcoin network.
The hackers then sent a majority of the money to cryptocurrency mixers such as Blender and ChipMixer. Before withdrawing money to Blender, they transferred the money to ChipMixer. BliteZero ended the Twitter thread by stating that they are now working to analyze the hackers, although they believe it will be more difficult.
The Ronin bridge attack is one of the biggest attacks in the history of crypto crime. The attack on the bridge caused a loss of 173,600 ETH and 25.5 million USDC, or more than $600 million. Following the March 23 breach, stolen money was transferred to FTX, Huobi and Crypto.com. Each of these companies has since promised to take steps to trace the money.
Furthermore, Ronin Network has temporarily stopped accepting deposits and withdrawals.