Report: $625M From Ronin Hack Moved to Bitcoin Network

Ronin hack

According to blockchain investigator and developer ₿liteZero, Ronin hackers have transferred $625 million of USDC and ETH to Tornado Cash, a virtual currency mixer.  

The Ronin Bridge attack resulted in the loss of 173,600 ETH and 25.5 million USDC in late March, 2022. Following the attack, the hackers moved the assets to Tornado, which made it difficult for authorities to track and trace movement of the funds. 

The March attack is said to be the biggest crypto heist to date, targeting high-profile crypto P2E game Axie Infinity. In the initial attack, the hackers had compromised the Axie DAO validator node through Ronin’s “gas-free RPC node”, which allowed for free transactions on the network. The hackers are suspected to be from North Korea.

Tracking the Ronin hack funds

In a Twitter thread, ₿liteZero details that Tornado was not the only stop made as the Ronin hackers attempted to obscure their tracks. The hackers also used other mixers such as ChipMixer and North Korean crypto mixer Blender in the process.

₿liteZero also stated that the stolen funds have been transferred to the Bitcoin protocol through a network bridge, with the help of several crypto exchanges.

In addition, the Ronin hackers have also used centralised exchanges (CEXs) like Binance, Huobi, and FTX prior to transferring a total amount of 6,250 ETH ($20.7 million) to Blender.

Blender had been sanctioned by the United States Treasury Department – as of May 2022, with the U.S. Treasury citing that Blender had assisted Ronin in the transfer of over $20.5 million in stolen funds.

Earlier this month, mixer Tornado Cash had been also sanctioned by the United States Treasury Department.

Bridging stolen funds to the Bitcoin Network

The hackers had converted the amount left to renBTC through DeFi platforms like 1inch and Uniswap. As renBTC is a wrapped Bitcoin (wBTC) – it can be used both on the Ethereum network and Bitcoin network, through the Ren Protocol. 

As the Ren Protocol allows for funds to seamlessly transfer between blockchains, it became a channel for hackers to move the stolen assets from Ethereum to Bitcoin. Following the bridging of funds, the hackers had transferred funds to ChipMixer and Blender.

Share Post:

Twitter
LinkedIn
Telegram
Facebook
Pinterest