Ronin hackers used authorised mixers to move stolen money ETH to BTC

23-Aug-2022 By: Divya Behl

Despite the fact that the identity of the hackers is thought

to be a North Korean cybercrime outfit, the hackers continue to disperse the stolen money utilising Bitcoin privacy tools in order to remain anonymous | best app cryptocurrency

Since then, the hackers that carried out the $625 million Ronin bridge assault in March have converted the majority of their ETH holdings into BTC via renBTC and the Bitcoin privacy tools Blender and ChipMixer. On-chain investigator liteZero, who works for SlowMist and contributed to the company's 2022 Mid-Year Blockchain Security report, has been following the hacker's behaviour. Since the March 23 incident, they described the transactions that took place with the stolen money.

The majority of the stolen money was first changed into ETH and delivered to Tornado Cash, an Ethereum crypto mixer that has since been sanctioned, before being bridged to the Bitcoin network and converted into BTC via the Ren protocol. The report claims that on March 28, the hackers, who are thought to be members of the North Korean cybercrime group Lazarus Group, moved only a small fraction of the fund—6,249 ETH—to controlled exchanges (CEXs), including Huobi with 5,028 ETH and FTX with 1,219 ETH.

The 6249 ETH seems to have been converted into BTC from the CEXs. Following that, the hackers sent 439 BTC, or $20.5 million at the time of writing, to the Bitcoin privacy tool Blender, which was also sanctioned by the U.S. Treasury on May 6.

The hackers then converted about 113,000 ETH to renBTC (a wrapped version of BTC) via the decentralised exchanges Uniswap and 1inch. They then used Ren's decentralised cross-chain bridge to move the assets from Ethereum to the Bitcoin network and unwrap the renBTC into BTC. The study also revealed that the Ronin hackers used the Bitcoin privacy tool ChipMixer to withdraw 2,871 BTC out of the 3,460 BTC, or $61.6 million as of August 22.

The Ronin hack is still a "mystery to be solved," according to liteZero, who finished the Twitter conversation, and more work needs to be done.

WHAT'S YOUR OPINION?