North Korean hacker group Lazarus, which stole $625 million worth of crypto from Axie Infinity, allegedly used the Ren Bridge protocol and the sanctioned crypto mixers Blender and ChipMixer to launder the stolen ETH tokens and USDC coins, according to a report published by BliteZero, a researcher at the crypto security research firm SlowMist.
Ronin Bridge Hack
On March 23, 2022, the Lazarus Group withdrew around 173,600 ETH and 25,500,000 USDC from Ronin Bridge, an Ethereum sidechain built for the popular play-to-earn (P2E) non-fungible token game Axie Infinity, after exploiting a validator node vulnerability.
The hackers then converted the stolen USDC into ETH and transferred 6,249 ETH to crypto exchanges such as Huobi, FTX and Crypto.com, said the report, which was published on Twitter.
On March 29, 2022, the hackers withdrew bitcoin (BTC) from the exchanges' custodial wallets to the BTC network and laundered a certain amount of BTC through Blender. Most of the stolen funds, 175,000 ETH, were sent to Tornado Cash between April 4 and May 19.
After that, the hackers used the decentralized exchanges Uniswap and 1inch to convert about 113,000 ETH to renBTC (a wrapped version of BTC) and then used Ren's decentralized cross-chain bridge to transfer the assets from Ethereum to the Bitcoin network and unwrap the renBTC to BTC.
renBTC is part of the Ren Protocol project, which allows a decentralized representation of Bitcoin inside Ethereum. The Ren project aims to create a token backed by BTC. The hackers then transferred 439 BTC to Blender, a sanctioned crypto mixer. The US Treasury Department sanctioned Blender addresses on May 6, saying that the crypto mixer had helped the Ronin Bridge hackers launder over $20 million in stolen funds.
About 6,631 BTC was transferred from Blender to several centralized exchanges and decentralized protocols.
When I scanned bitcoin transactions (April 7 ~ May 14) for withdrawals by Ronin hackers, I came to the following conclusions:
After withdrawing from ChipMixer, half of the funds were invested in Blender. pic.twitter.com/eX12fC04GO
— ₿liteZero (@blitezero) 20 August 2022
Scans of Bitcoin transactions between April 7 and May 14 indicate that more than half of the funds were transferred to ChipMixer. According to BliteZero, the hackers' next move will be more complex. Although BliteZero has traced the money to ChipMixer and Blender, he has not revealed the wallet addresses. It is unclear how the stolen funds can be recovered, even if the funds have been located on the blockchain. Unless the wallet owner surrenders the funds, no one can retrieve them, and the only solution is to sanction the wallet addresses.
Recently, Vitalik Buterin, the Russian-born ETH founder, said he wanted to punish validators who complied with censorship requests.