The majority of the assets stolen by the hackers behind the Ronin bridge attack in March were moved through mixers. Current efforts to trace the funds are complicated by the use of various mixers and other anonymization techniques.
Revisiting the Ronin hack
The Ronin bridge hack is now one of the largest hacks ever to occur in the crypto world. As a reminder, hackers used a bridge on the Ronin blockchain to steal no less than $622 million, mostly in ether and USDC. This Ethereum sidechain hosts one of the most well-known games in the industry: Axie Infinity.
To succeed, the hackers had to attack 5 of Ronin’s validator nodes, which gave them access to almost 173,600 ETH and 25.5 million USDC. Ronin’s bridge was suspended as a result of this attack to stop any additional theft. Ronin then got in touch with Chainalysis to track the flow of money. As a result of this attack, both the RON and AXS tokens experienced significant drops.
The year 2022 has been especially full of attacks of all types, and the Ronin bridge hack just adds to that. Recently, a significant heist occurred in Solana’s Phantom wallet as well as the Harmony blockchain, where over $100 million vanished. So far, 2022 has seen a record amount of stolen funds, especially in the decentralized finance industry.
Reports of stolen money
First, the hackers used renBTC and privacy tools such as Blender and ChipMixer to convert the stolen ETH and USDC funds to BTC.
The trail the stolen assets took piqued the interest of liteZero, an on-chain investigator for SlowMist, a blockchain security firm. The investigation found that most of the stolen money was converted into ether and subsequently deposited into Tornado Cash, the mixer that has been the subject of recent news stories. The money subsequently moved to the Bitcoin network and was converted into BTC through the Ren protocol.
The article claims that on March 28, just a small percentage of the assets were transferred to centralized exchanges by the hackers, who are thought to be members of the North Korean organization Lazarus. This amounted to only 6249 ETH in total, of which 5028 ETH went to Huobi and 1219 ETH to FTX.
These exchanges are where the ether was converted to BTC. The hackers then sent 439 BTC, or around $20.5 million, to the Bitcoin mixer Blender. Tornado Cash is a mechanism that guarantees transaction anonymity and was sanctioned by the US Treasury in May of last year.
liteZero states:
- I found the answer in Blender’s penalty addresses. Most Blender sanction addresses are Blender repository addresses used by Ronin hackers. They deposited all their funds in Blender after withdrawing them from exchanges.
I've been tracking the stolen funds on Ronin Bridge.
I've noticed that Ronin hackers have transferred all of their funds to the bitcoin network. Most of the funds have been deposited to mixers (ChipMixer, Blender).
This thread🧵 will illustrate the tracking analysis procedures.👇🏻 pic.twitter.com/yrazcJ22xF
— ₿liteZero (@blitezero) August 20, 2022
After that, the hackers used the decentralized exchanges Uniswap and 1inch to convert about 113,000 ether into renBTC (a wrapped Bitcoin). They then converted the renBTC into BTC, transferring the assets from the Ethereum network to the Bitcoin network using Ren’s decentralized cross-chain bridge.
This made possible the distribution of roughly 6631 BTC through centralized and decentralized exchanges.
The SlowMist report also discusses how the numerous transactions and protocols involved make the money difficult to track.
Protocols such as Tornado Cash and Blender.io are already subject to sanctions, yet they are once again caught in the crossfire. We’ll keep a careful eye on the findings of this study. This information demonstrates the wealth of tools available to hackers to hide their transactions and disperse the stolen money.