According to recent discoveries by blockchain researcher and developer liteZero, the Ronin hackers moved the stolen funds from the Ethereum network to the Bitcoin network.
To transfer the money to the bitcoin blockchain, the Ronin hackers exploited Ren Protocol and a number of controlled crypto exchanges.
Remember how the hackers transferred $625 million worth of USDC and ETH to the Ethereum-based cryptocurrency mixer Tornado Cash after the Ronin bridge breach in March?
Authorities found it difficult to track the flow of the monies as a result of this. The hackers continued their efforts to obfuscate the transactions after Tornado.
Monitoring the Cash
According to liteZero, who has been following the stolen money, the attackers moved all of the assets to the Bitcoin protocol utilizing a network bridge and a number of cryptocurrency exchanges.
Centralized Exchanges are used
The blockchain investigator discovered that the hackers moved around 6,250 ETH ($20.7 million) to controlled exchanges (CEXs) including Binance, Huobi, and FTX after withdrawing the money from Tornado Cash and transferring it to the North Korean cryptocurrency mixer Blender.
The US Treasury Department imposed sanctions on Blender addresses in May after discovering that the crypto mixer helped the Ronin hackers handle more than $20.5 million of the stolen money.
It’s interesting to note that according to liteZero, the Ronin hackers utilized the majority of the sanctioned Blender addresses to receive money after making withdrawals from CEXs.
The investigator observed that the total amount of money taken out of the exchanges was $20.72 million, which is in line with the claim made by the U.S. Treasury.
Ronin Hackers connected the Bitcoin network to stolen money
Using 1inch or Uniswap, the hackers changed the remaining assets to renBTC. Ren Protocol-powered renBTC is wrapped bitcoin running on the Ethereum network.
The ability of Ren to transport value across blockchains allowed the hackers to connect the Ethereum assets to the Bitcoin network.
The majority of the money was then sent by the hackers to cryptocurrency mixers like Blender and ChipMixer. Before extracting some money for Blender, they transferred the money to ChipMixer.
liteZero concluded the Twitter discussion by stating that they are now working on studying the hackers, despite the fact that they think it will be more difficult.
