According to an expert with security firm SlowMist, the cybercriminals behind the Ronin bridge attack in March this year converted part of the stolen funds from ether to bitcoin and used privacy mixers to conceal their identities, CoinDesk wrote.
They made away with $625m
As Bankless Times wrote, the hackers stole $625 million in the Ronin bridge exploit, which affected Sky Mavis’ validator nodes. Sky Mavis is behind Axie DAO and the well-known Axie Infinity game. In March, the hackers stole 25.5 million in USDC and around 173,600 ether.
The hackers got into private keys and faked withdrawals from the Ronin bridge in two transactions.
Converted via Tornado and sent to Huobi
According to the expert with SlowMist, who goes under the pseudonym “blitezero,” around 6,250 ether were converted through Tornado Cash and then to bitcoin on Huobi crypto exchange. On March 28, they sent 5,028 ether to FTX.
$20.5m sent to Blender
Around 439 bitcoin was sent from Huobi to Blender, a bitcoin privacy tool. This amount is equivalent to $20.5 million at the current price. Blender hides user addresses to increase the privacy of transactions. It was the first bitcoin mixer in history to be sanctioned by the US government.
The pseudonymous expert commented that most of the deposit addresses Ronin hackers used were the same as US government-sanctioned Blender addresses.
Ultimately, the Ronin attack was linked to Lazarus, an infamous North Korean hacker organization.
Uniswap and 1inch were also used
Blitezero added that more than 113,000 ether that had been sent to Tornado Cash was exchanged for the Ethereum Mainnet token renBTC, which represents bitcoin, through 1inch, Uniswap, and other decentralized exchanges. Then, they sent renBTC to Bitcoin and redeemed it for bitcoin at spot prices.