An investigator from on-chain security agency SlowMist shares the results of his work on the 173,600 ETH stolen in the hack of Ronin (RON), the bridge of the blockchain game Axie Infinity. Almost all of the funds were reportedly transferred to the Bitcoin network (BTC) after laundering processes.
SlowMist agency traces stolen Ronin funds
The Ronin (RON) hack in March this year was the second biggest hack in decentralised finance (DeFi), with more than $600 million in stolen funds. Depending on the method of calculation, some sources even rank it in first place, ahead of Poly Network.
Since then, the transactions of the implicated addresses have been scrupulously monitored by experts in on-chain analysis. This is notably the case of an investigator answering to the pseudonym of BliteZero, working for the blockchain security agency SlowMist:
I’ve been tracking the stolen funds on Ronin Bridge.
I’ve noticed that Ronin hackers have transferred all of their funds to the bitcoin network. Most of the funds have been deposited to mixers (ChipMixer, Blender).
This thread will illustrate the tracking analysis procedures. pic.twitter.com/yrazcJ22xF
– ₿liteZero (@blitezero) August 20, 2022
According to his work, the funds have reportedly moved almost entirely from the Ethereum blockchain (ETH) to the Bitcoin network (BTC). Currently, 170,400 ETH of the 173,600 ETH and 25.5 million USDC have reportedly been withdrawn from Tornado Cash. The USDC was also exchanged for 8,568.68 ETH after the hack.
An attempt to fly under the radar
Through on-chain analysis, BliteZero attempted to track Ronin’s stolen funds. He was able to establish that, once mixed on Tornado Cash, the ETH was exchanged for renBTC through decentralised exchanges (DEX) such as Uniswap and the liquidity aggregator 1inch.
renBTC is a synthetic asset representing the BTC price in the form of an ERC-20 token. It thus serves as a bridge between Ethereum and Bitcoin. The investigator reports that so far, nearly 11,700 BTC have been transferred.
Moreover, some of the funds reportedly passed through exchanges such as FTX, Huobi or Crypto.com. For all these operations, a multitude of mixers were used in addition to Tornado Cash, notably Blender.io, another protocol under fire from the Office of Foreign Assets Control (OFAC).
On the other hand, the investigation highlights the difficulty of accurately tracking the movements of a group that does not want to be tracked. Further progress needs to be made and it is currently unclear whether the funds will ever be recovered.