Hackers involved in the $625 million attack on the Ronin Bridge in March converted We use renBTC and Bitcoin privacy tools Blender and ChipMixer to manage most of our assets from Ether (ETH) to Bitcoin (BTC).
Since then, the hackers who carried out the $625 million Ronin bridge attack in March converted most of their ETH holdings into BTC via renBTC and Bitcoin privacy tools Blender and ChipMixer.
On-chain investigator liteZero, who worked for SlowMist and contributed to the company’s 2022 Mid-Term Blockchain Security Report, is tracking hacker activity.
Most of the stolen assets were first mutated into ETH and then delivered to Tornado Cash, a licensed Ethereum crypto mixer, before being bridged to the Bitcoin network and exchanged into BTC via the Ren protocol. .
Ronin hackers initially moved only part of the funds
According to the report, on March 28, hackers believed to be members of the North Korean cybercriminal group Lazarus Group stole only a small portion of the funds (6,249 ETH) into controlled funds, including 5,028 ETH of Huobi. moved to a new exchange (CEX). FTX for 1,219 ETH.
6249 ETH seems to have been exchanged from CEX to BTC. Following that, the hacker sent his 439 BTC, or $20.5 million at the time of this writing, to his Blender bitcoin privacy tool licensed by the US Treasury Department on May 6th. Researchers said:
“The answer was in Blender Authorized Addresses. Most Blender Authorized Addresses are Blender deposit addresses used by Ronin hackers. .”
Hackers then converted around 113,000 ETH into renBTC (a wrapped version of BTC) via decentralized exchanges Uniswap and 1inch. We then used Ren’s decentralized cross-chain bridge to move assets from Ethereum to the Bitcoin network and unwrap renBTC to BTC.
Distribution of approximately 6,631 BTC to various centralized exchanges and decentralized protocols has begun.