According to new information from blockchain researcher and developer ₿liteZero, the Ronin hackers moved the stolen funds from Ethereum to the Bitcoin network on August 20. The hackers used Ren’s decentralised cross-chain bridge to transfer Ethereum’s assets to the Bitcoin network and extract the renBTC (packaged form of BTC) into BTC. The Ronin Bridge $625 million hack happened in March, when hackers transferred $625 million worth of USDC and ETH to the Ethereum-based crypto mixer Tornado Cash, making it challenging for law enforcement to follow the flow of money. The hackers continued their efforts to disguise the transactions after the Tornado.
On-chain investigator ₿liteZero, a contributor to SlowMist’s 2022 Mid-Year Blockchain Security Report, has been following the hacker’s behaviour. Since the March 23 incident, they described the transactions that took place with the stolen money. According to the sources, the hackers belong to the North Korean cybercrime Lazarus Group. The hackers only moved a fraction of the fund—6,249 ETH—to centralised exchanges including Huobi (5,028 ETH) and FTX on March 28.
The 6249 ETH obtained from centralised exchanges appears to have been converted into BTC. In the following phase, the hackers sent 439 BTC ($20.5 million) to the May 6 sanctioned crypto privacy tool mixers. ₿liteZero concluded the Twitter discussion by stating that they are now working on analysing the hackers, despite the fact that they think it will be more difficult.