According to the latest report by blockchain developer and researcher BliteZero, the Ronin hackers transferred stolen assets from the Ethereum network to the Bitcoin network.
Following the Ronin Bridge incident in March, hackers transferred $625 million worth of USDC and ETH to the Ethereum-based crypto-mixer Tornado Cash, which made it difficult for the judicial authorities to trace the flow of funds. Even after using Tornado Cash, however, the hackers are still trying to hide the transactions.
I tracked down the stolen funds on Ronin Bridge.
I noticed that the Ronin hackers transferred all their funds to the Bitcoin network. Most funds were deposited in blenders (ChipMixer, Blender).
This thread🧵 will illustrate follow-up analysis procedures.👇🏻 pic.twitter.com/yrazcJ22xF
— ₿liteZero (@blitezero) August 20, 2022
The on-chain investigator, a contributor to SlowMist's 2022 Mid-Year Blockchain Security report, has been following the hackers' behavior for a long time. In fact, since the March 23 incident, SlowMist has been leading the investigation of transactions made with the stolen money.
So what happened to the money?
The report claimed that on March 28, the hackers – believed to be members of the North Korean cybercrime group Lazarus Group – transferred only a small fraction of the funds (6,249 ETH) to centralized exchanges. These include Huobi (5,028 ETH) and FTX (1,219 ETH).
The 6,249 ETH appears to have been converted to BTC on the centralized exchanges. In the next phase, the hackers sent 439 BTC ($20.5 million) to Blender, the Bitcoin privacy tool sanctioned on May 6. The researcher noted,
“I found the answer in Blender’s Penalty Addresses. Most Blender sanction addresses are Blender drop addresses used by Ronin hackers. They deposited all of their withdrawal funds into Blender after withdrawing from exchanges.”
It is interesting to note BliteZero's claim that the Ronin hackers used the majority of the sanctioned Blender addresses to receive money after making withdrawals from centralized exchanges (CEX). The investigator added that the total amount of money withdrawn from the exchanges was $20.72 million – as per the US Treasury’s claim.
Stolen funds moved to the Bitcoin network
Using 1inch or Uniswap, the hackers swapped the remaining assets for renBTC. renBTC, powered by the Ren protocol, is a wrapped Bitcoin that runs on the Ethereum network. Ren’s ability to transport value between blockchains allowed the hackers to bridge Ethereum assets to the Bitcoin network.
The majority of the money was then sent by the hackers to cryptocurrency mixers like Blender and ChipMixer. Before depositing money in Blender, they transferred the money to ChipMixer. BliteZero concluded the discussion on Twitter by stating that they are now working on analysis of the hackers, although they think it will be more difficult.
The Ronin Bridge attack is one of the biggest attacks in the history of cryptocurrency. The bridge was attacked, resulting in a loss of 173,600 ETH and 25.5 million USDC, or over $600 million. The stolen money was transferred to FTX, Huobi, and Crypto.com after the March 23 breach. Each of these companies promised to take action to track down the money.
Additionally, the Ronin Network has temporarily stopped accepting deposits and withdrawals.