The Ronin bridge hackers transferred the stolen funds from ETH to BTC and used legitimate combinations

The hackers who destroyed $625 million in Ronin Bridge in March transferred most of their cash from Ether (ETH) to Bitcoin (BTC) utilizing cryptographic instruments renBTC and Bitcoin Blender and ChipMixer.

Hacker’s actions had been to comply with is an on-chain researcher ₿liteZero, who works at SlowMist and contributed to the 2022 Mid-Year Blockchain Security report.

Most of the stolen cash was transformed to ETH and despatched to the now-approved Ethereum Tornado Cash cryptocurrency mixer earlier than being linked to the Bitcoin community and transformed to BTC by way of the Ren protocol.

I’ve been investigating the stolen cash from Ronin Bridge.
I noticed that the Ronin hackers transferred all their cash to the bitcoin community. Some huge cash was invested in mixers (ChipMixer, Blender).

This article describes the analysis course of.

— ₿liteZero (@blitezero) August 20, 2022

According to the report, hackers, believed to be the North Korean Cybercrime group Lazarus Group, initially transferred solely a part of the fund, or 6,249 ETH, to centralized exchanges (CEXs), together with Huobi and 5,028 ETH and FTX. and 1,219 ETH on March 28.

On CEXs, 6249 ETH seems to have been transformed to BTC. The hackers transferred 439 BTC, or $20.5 million at the time of writing, to the personal Bitcoin Blender instrument, which was additionally approved by the US Treasury on May 6. The knowledgeable wrote:

“I discovered the reply in the Blender addresses. Most of the legitimate Blender addresses are Blender deposit addresses used by Ronin hackers. They deposited all their cash in Blender after leaving the alternate.”

However, the majority of the stolen funds – 175,000 ETH – had been transferred to Tornado Cash over and over once more between April 4th and May nineteenth.

Hackers used Uniswap and 1inch alternate to convert round 113,000 ETH to renBTC (BTC model) and used the Ren bridge to switch Ethereum belongings to the Bitcoin community and launch renBTC to BTC.

From there, roughly 6,631 BTC was distributed to varied centralized international locations and established protocols:

The report additionally said that Ronin hackers took 2,871 BTC out of three,460 BTC, or $61.6 million as of Aug. 22, via the secret instrument Bitcoin ChipMixer.

₿liteZero ended the Twitter thread by saying that the Ronin hack stays “a thriller to be investigated” and that progress should be made.


Leave a Comment

Your email address will not be published.