Ronin Attackers Transfer Stolen $625 Million to Bitcoin Network

Aug 22, 2022 at 8:55 am UTC

The attackers who stole as much as $625 million from Axie Infinity’s Ronin Network back in March have moved the funds from Ethereum (ETH) to the Bitcoin (BTC) network. According to the latest data from the investigation run by BliteZero, the transfer was completed using a network bridge and several crypto exchanges.

Initially, over 5,505 ETH linked to the Ronin exploiter address was moved through the privacy mixer Tornado Cash. The transfer was performed in 55 batches of about 100 ETH each. In addition, part of the funds was transferred to FTX, Huobi, and Crypto.com, among other exchanges.

Now, the latest findings show that the attackers converted the rest of the Ronin assets to renBTC using 1inch or Uniswap. renBTC is wrapped Bitcoin on the Ethereum network powered by Ren Protocol. Since Ren allows transferring value between blockchains, the hackers managed to bridge the assets from Ethereum to the Bitcoin network.

Further, BliteZero stated that the hackers then sent the funds to crypto mixers such as ChipMixer and Blender. Notably, the investigator also found that the attackers used sanctioned Blender addresses to receive funds after withdrawing from centralized exchanges (CEXs).

BliteZero is continuing the investigation and tracking the movement of the funds.

The security breach of Ronin Network took place in March. As a result, the Ronin bridge and Katana DEX suspended operations. When announcing the hack, Ronin Network stated that four Ronin validator nodes, as well as Axie DAO validator nodes, were compromised. This allowed the attacker to drain the ETH and USDC in two transactions. To forge the withdrawals, the hackers used the compromised validators' private keys. A user who could not withdraw 5K ETH from the bridge reported the situation to Ronin.

The Lazarus Group and Its Hacks

According to the US Treasury Department, the North Korean cybercrime organization Lazarus Group is responsible for the Ronin Network attack. Not much is known about this group, but researchers have attributed many cyberattacks that occurred between 2010 and 2021 to it.

Run by the North Korean state, Lazarus Group is one of the top cyber threat groups worldwide. Always in the headlines, it carries out hacking campaigns around the globe, and researchers attribute most of the biggest cyberattacks to it. The most famous are its attack on Sony Pictures in 2014 and an ingenious cyber heist on the Central Bank of Bangladesh in 2016 that stole $81 million. Lazarus Group develops its own attack tools and malware and uses innovative attack techniques. Its methods aim to avoid detection by security products and to remain undetected within the hacked systems for as long as possible.
