According to blockchain investigator and developer ₿liteZero, Ronin hackers have transferred $625 million of USDC and ETH to Tornado Cash, a virtual currency mixer.
The Ronin Bridge attack resulted in the loss of 173,600 ETH and 25.5 million USDC in late March 2022. Following the attack, the hackers moved the assets to Tornado, which made it difficult for authorities to track and trace the movement of the funds.
The March attack is said to be the biggest crypto heist to date, targeting the high-profile crypto P2E game Axie Infinity. In the initial attack, the hackers compromised the Axie DAO validator node through Ronin’s “gas-free RPC node”, which allowed for free transactions on the network. The hackers are suspected to be from North Korea.
Here comes an initial flow chart @Ronin_Network! Hope it helps to recover the stolen funds! @binance @HuobiGlobal @FTX_Official @SBF_FTX @cz_binance @MultichainOrg https://t.co/N660QtFukP pic.twitter.com/ABWktFpOPx
— PeckShield Inc. (@peckshield) March 30, 2022
Tracking the Ronin hack funds
In a Twitter thread, ₿liteZero details that Tornado was not the only stop made as the Ronin hackers attempted to obscure their tracks. The hackers also used other mixers such as ChipMixer and North Korean crypto mixer Blender in the process.
I've been tracking the stolen funds on Ronin Bridge.
I've noticed that Ronin hackers have transferred all of their funds to the bitcoin network. Most of the funds have been deposited to mixers (ChipMixer, Blender). This thread🧵 will illustrate the tracking analysis procedures.👇🏻 pic.twitter.com/yrazcJ22xF
— ₿liteZero (@blitezero) August 20, 2022
₿liteZero also stated that the stolen funds have been transferred to the Bitcoin protocol through a network bridge, with the help of several crypto exchanges.
In addition, the Ronin hackers used centralised exchanges (CEXs) like Binance, Huobi, and FTX prior to transferring a total of 6,250 ETH ($20.7 million) to Blender.
Blender has been sanctioned by the United States Treasury Department as of May 2022, with the U.S. Treasury citing that Blender had assisted the Ronin hackers in the transfer of over $20.5 million in stolen funds.
Earlier this month, the mixer Tornado Cash was also sanctioned by the United States Treasury Department.
Bridging stolen funds to the Bitcoin Network
The hackers converted the remaining amount to renBTC through DeFi platforms like 1inch and Uniswap. As renBTC is a wrapped Bitcoin (wBTC), it can be used on both the Ethereum network and the Bitcoin network through the Ren Protocol.
Because the Ren Protocol allows funds to move seamlessly between blockchains, it became a channel for the hackers to move the stolen assets from Ethereum to Bitcoin. After bridging the funds, the hackers transferred them to ChipMixer and Blender.