Ronin hackers transferred stolen assets from Ethereum to the Bitcoin network, according to new findings by investigator and blockchain developer ₿liteZero.
After the Ronin Bridge hack in March, attackers transferred $625 million worth of USDC and ETH to an Ethereum-based Tornado Cash cryptocurrency mixer, making it difficult for authorities to track the movement of the funds. But Tornado is not the end as hackers take the next steps in masking transactions.
₿liteZero tracked the stolen funds and noticed that the attackers transferred all assets to the Bitcoin protocol using a network bridge and several cryptocurrency exchanges.
The blockchain investigator discovered that after the hackers withdrew funds from Tornado Cash, they sent about 6,250 ETH ($20.7 million) to centralized exchanges (CEX) such as Binance, Huobi, and FTX before sending the funds to North Korean cryptocurrency mixers.
In May, the US Treasury Department sanctioned the blender addresses, noting that the cryptocurrency mixer assisted Ronin hackers in processing more than $20.5 million of the stolen funds.
₿liteZero claims that most of the sanctioned Blender addresses were used by Ronin hackers to receive funds after withdrawing from CEX. Tracking the amount, the investigator noted that the total amount withdrawn from the exchanges amounted to $20.72 million, which coincided with the U.S. Treasury Department’s allegations.
The hackers converted the rest of the assets to the yuan using 1inch or Uniswap. renBTC is surrounded by bitcoin on the Ethereum network powered by Ren Protocol. Since Ren allows value movement between blockchains, hackers were able to connect assets from Ethereum to the Bitcoin network.
The hackers then sent most of the money to cryptocurrency mixers like ChipMixer and Blender. They transferred the money to ChipMixer before withdrawing some of the money to Blender.
At the end of the Twitter thread, ₿liteZero said they are currently working on analyzing the hackers, although this is very difficult.