- The hackers involved in the Ronin bridge attack moved $625 million worth of USDC and ETH to Tornado Cash.
- The cybercrime group continues to spread out the stolen funds using Bitcoin privacy tools to remain anonymous.
- The hackers’ identity is believed to be a North Korean cybercrime group Lazarus Group.
The hackers involved in the $625 million Ronin bridge attack in March 2022 have reportedly transferred most of the stolen funds from Ethereum (ETH) into Bitcoin (BTC). It is believed that the programmer used renBTC and Bitcoin privacy tools including Blender and ChipMixer to steal the funds.
Reportedly, the attackers moved the $625 million worth of USD Coin (USDC) and ETH to Ethereum-based crypto mixer Tornado Cash, making it difficult for authorities to trace the movement of the funds. After the transfer, the hackers took further steps to obscure the transactions.
According to the initial reports, the hackers, who are believed to be North Korean cybercrime organization Lazarus Group, sent about 6,250 ETH ($20.7 million) to centralized exchanges such as Binance, FTX, and Huobi before sending the funds to Blender.
BliteZero, a blockchain investigator and developer, said they have been tracing the stolen funds and noticed that the attackers had transferred all the assets to the Bitcoin protocol using a network bridge and other crypto exchanges.
I’ve been tracking the stolen funds on Ronin Bridge.
I’ve noticed that Ronin hackers have transferred all of their funds to the bitcoin network. Most of the funds have been deposited to mixers(ChipMixer, Blender).This thread🧵 will illustrate the tracking analysis procedures.👇🏻 pic.twitter.com/yrazcJ22xF
— ₿liteZero (@blitezero) August 20, 2022
The analyst commented:
I’ve found the answer in Blender sanction addresses. Most Blender sanction addresses are Blender’s deposit addresses used by Ronin hackers. They have deposited all their withdrawal funds to Blender after withdrawing from the exchanges.
While closing the Twitter thread, BliteZero said they are currently working on analyzing the hackers, although it seems to be more complex.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
