The Ronin hackers are using Bitcoin privacy to spread out the stolen funds in the form of Ethereum, enabling them to remain anonymous. The identity of the hackers has not yet been discovered, but some of the sources disclosed that they could belong to the cybercrime group of North Korea.
The Ronin Bridge attackers, who stole $625 million in March, have been transferring ETH into BTC coins using the Bitcoin privacy networks—ChipMixer, Blender, and renBTC.
BliteZero, an on-chain investigation firm, has tracked the hacker’s activities. SlowMist appointed BliteZero, which contributed immensely to the company’s Security Report of Blockchain in mid-2022.
The hackers have been tactfully handling the stolen funds. First, the entire amount was converted into Ethereum using Tornado Cash, an ETH crypto mixer. Eventually, the amount was bridged further using the Ren Protocol and cashed out in BTC.
A detailed report of the stolen funds:
As per the information released through the reports, the hackers likely belong to the Lazarus Group, a cybercrime organisation in North Korea. The attackers had transferred just a part of the stolen money amounting to 6,249 Ethereum to the CEXs (Centralized Exchanges), including FTX, which received 1,219 ETH, while Huobi had 5,028 ETH on March 28th.
However, the ETH currency was tactfully exchanged into BTC through the CEXs. Now, the hackers have transferred 439 bitcoins into cash, equating to $20.5 million, through the US Treasury-sanctioned Bitcoin privacy pool.
Meanwhile, the hackers used some decentralised exchanges, including -1inch and Uniswap, to convert 113,000 Ethereum into the wrapped version of Bitcoin—renBTC.