According to recent discoveries by blockchain researcher and developer BliteZero, the Ronin hackers moved the stolen assets from the Ethereum network to the Bitcoin network.
Notably, the hackers transferred $625 million worth of USDC and ETH to the Ethereum-based crypto mixer Tornado Cash after the Ronin bridge hack in March, making it difficult for law enforcement to track the movement of the money. The hackers continued their efforts to conceal the transactions during the crackdown on Tornado Cash.
According to BliteZero, who has been tracking the stolen money, the hackers moved all of the assets to the Bitcoin protocol utilizing a network bridge and a number of cryptocurrency exchanges.
I've been tracking the stolen funds on Ronin Bridge.
I've noticed that Ronin hackers have transferred all of their funds to the bitcoin network. Most of the funds have been deposited to mixers (ChipMixer, Blender).
This thread🧵 will illustrate the tracking analysis procedures.👇🏻 pic.twitter.com/yrazcJ22xF
— ₿liteZero (@blitezero) August 20, 2022
The blockchain investigator discovered that, after withdrawing the money from Tornado Cash, the attackers moved around 6,250 ETH ($20.7 million) to centralized exchanges (CEXs) like Binance, Huobi, and FTX before sending it to the North Korean cryptocurrency mixer Blender.
Ronin hackers used CEXs to launder over $20M
In May, the US Treasury Department imposed sanctions on Blender addresses after discovering that it helped the Ronin hackers process more than $20.5 million of the stolen money.
According to BliteZero, the Ronin hackers used the majority of the sanctioned Blender addresses to receive funds after making withdrawals from CEXs. The investigator noted that the total amount withdrawn from the exchanges was $20.72 million, which is in line with the claim made by the U.S. Treasury.
Using 1inch or Uniswap, the hackers swapped the remaining assets for renBTC, a wrapped bitcoin token powered by Ren Protocol that runs on the Ethereum network. Ren's ability to move value between blockchains allowed the hackers to bridge the Ethereum assets to the Bitcoin network.
The hackers then sent the majority of the money to cryptocurrency mixers like Blender and ChipMixer. They transferred the money to ChipMixer first, then withdrew some of it and sent it on to Blender.