Thursday, December 8, 2022
 

Ronin Hackers Move $625M Stolen Funds From Ethereum to Bitcoin

  • The hackers involved in the Ronin bridge attack moved $625 million worth of USDC and ETH to Tornado Cash.
  • The cybercrime group continues to spread out the stolen funds using Bitcoin privacy tools to remain anonymous.
  • The hackers’ identity is believed to be a North Korean cybercrime group Lazarus Group.

The hackers involved in the $625 million Ronin bridge attack in March 2022 have reportedly transferred most of the stolen funds from Ethereum (ETH) into Bitcoin (BTC). It is believed that the programmer used renBTC and Bitcoin privacy tools including Blender and ChipMixer to steal the funds.

Reportedly, the attackers moved the $625 million worth of USD Coin (USDC) and ETH to Ethereum-based crypto mixer Tornado Cash, making it difficult for authorities to trace the movement of the funds. After the transfer, the hackers took further steps to obscure the transactions.

According to the initial reports, the hackers, who are believed to be North Korean cybercrime organization Lazarus Group, sent about 6,250 ETH ($20.7 million) to centralized exchanges such as Binance, FTX, and Huobi before sending the funds to Blender.

BliteZero, a blockchain investigator and developer, said they have been tracing the stolen funds and noticed that the attackers had transferred all the assets to the Bitcoin protocol using a network bridge and other crypto exchanges.

The analyst commented:

I’ve found the answer in Blender sanction addresses. Most Blender sanction addresses are Blender’s deposit addresses used by Ronin hackers. They have deposited all their withdrawal funds to Blender after withdrawing from the exchanges.

While closing the Twitter thread, BliteZero said they are currently working on analyzing the hackers, although it seems to be more complex.

  • The hackers involved in the Ronin bridge attack moved $625 million worth of USDC and ETH to Tornado Cash.
  • The cybercrime group continues to spread out the stolen funds using Bitcoin privacy tools to remain anonymous.
  • The hackers’ identity is believed to be a North Korean cybercrime group Lazarus Group.

The hackers involved in the $625 million Ronin bridge attack in March 2022 have reportedly transferred most of the stolen funds from Ethereum (ETH) into Bitcoin (BTC). It is believed that the programmer used renBTC and Bitcoin privacy tools including Blender and ChipMixer to steal the funds.

Reportedly, the attackers moved the $625 million worth of USD Coin (USDC) and ETH to Ethereum-based crypto mixer Tornado Cash, making it difficult for authorities to trace the movement of the funds. After the transfer, the hackers took further steps to obscure the transactions.

According to the initial reports, the hackers, who are believed to be North Korean cybercrime organization Lazarus Group, sent about 6,250 ETH ($20.7 million) to centralized exchanges such as Binance, FTX, and Huobi before sending the funds to Blender.

BliteZero, a blockchain investigator and developer, said they have been tracing the stolen funds and noticed that the attackers had transferred all the assets to the Bitcoin protocol using a network bridge and other crypto exchanges.

The analyst commented:

I’ve found the answer in Blender sanction addresses. Most Blender sanction addresses are Blender’s deposit addresses used by Ronin hackers. They have deposited all their withdrawal funds to Blender after withdrawing from the exchanges.

While closing the Twitter thread, BliteZero said they are currently working on analyzing the hackers, although it seems to be more complex.

 

Latest news