The hackers responsible for stealing US$610 million worth of crypto from Axie Infinity’s Ronin bridge back in March have since transferred most funds from ETH into BTC using renBTC and privacy tools like Blender, ChipMixer, and TornadoCash, according to a report.
See related article: Axie Infinity blockchain Ronin hacked for over $600M
- The majority of the stolen funds, 25,500,000 USDC, were initially converted into 8,564.6801 ETH on March 23. On March 28, 6,249.9778 ETH was sent to crypto exchanges like FTX, Crypto.com, and Huobi, according to SlowMist’s 2022 Mid-Year Blockchain Security report.
- According to the report, from March 28 to 29, the hackers withdrew the BTC from the exchanges to the Bitcoin network, transferring it to coin mixer Blender.io — which was since sanctioned by the U.S Treasury.
- From April 4 to May 19, the group transferred 175,000 ETH to the recently sanctioned crypto mixer Tornado Cash, the report said. After withdrawing from Tornado Cash, the funds were swapped for renBTC and bridged to the BTC network. Most funds were sent to coin mixers like ChipMixer and Wasabi Coinjoin. After withdrawing from the mixers, the attackers sent most of the funds back to other mixers like Blender.io and ChipMixer, with a small part of the funds going to exchanges like Binance, Coinbase, and WhiteBit, the report said.
- To date, the hackers withdrew US$20.72 million worth of stolen funds from exchanges, according to on-chain investigator ₿liteZero of SlowMist.
- The US$610 million hack targeted Axie Infinity’s Ronin sidechain, highlighting the vulnerabilities of cross-chain bridges. It is currently known as the biggest theft in the history of digital assets.
- Although the attackers are believed to be the North Korean cybercrime organization Lazarus Group, ₿liteZero ended his thread by writing that there’s more work to be done before finding the money: “It is a mystery to be investigated, and I look forward to more progress being made,” he wrote.
See related article: North Korea behind Ronin hack: US