
Ronin Hackers Used Sanctioned Crypto Mixers to Transfer Stolen Funds

Vlad CONSTANTINESCU

August 22, 2022


Threat actors behind the massive Ronin bridge hack in March used privacy tools to convert stolen Ethereum (ETH) funds to Bitcoin (BTC), then transferred them through sanctioned mixer services.

The perpetrators processed most of the stolen assets from the $625 million hack using renBTC, an open, community-driven cross-chain transfer protocol, and Bitcoin mixing services Blender and ChipMixer.

₿liteZero, an investigator who works at blockchain security firm SlowMist, has been analyzing the itinerary of the stolen funds since the March 23 incident.

Hackers initially converted most of the stolen assets into ETH and used now-sanctioned crypto mixer Tornado Cash to cover their traces. They then bridged the funds to the Bitcoin network and used renBTC to convert them into BTC.

As ₿liteZero’s report shows, the threat actors originally transferred a chunk of the funds (6,249 ETH) to centralized exchanges (CEX) five days after the attack. They then converted the tokens to BTC before sending almost $20.5 million worth of crypto assets to Bitcoin privacy tool Blender.

The bulk of the funds, 175,000 ETH, was gradually injected into Tornado Cash between April 4 and May 19. Hackers then used decentralized exchange (DEX) platforms 1inch and Uniswap to exchange nearly 113,000 ETH into renBTC.

Afterward, threat actors used renBTC’s cross-chain capabilities to bridge the stolen funds to the Bitcoin network and unwrap the tokens into BTC. Finally, the attackers scattered roughly 6,631 BTC through various DEX and CEX platforms and protocols.

Currently, the Ronin hack is still under scrutiny, as the on-chain investigator mentioned in the report.

I'm working on analyzing Ronin hackers, and the next work will be more complex.
'Where's the money?'
It is a mystery to be investigated, and I look forward to more progress being made.
Thanks for taking the time to read my thread, good luck!

Researchers believe that members of the infamous North Korean cybercrime gang Lazarus Group are the prime suspects behind the Ronin bridge hack. According to an announcement from Ronin’s official Twitter account, the FBI also “attributed North Korea based Lazarus Group to the Ronin Validator Security Breach.”
