The Intriguing Journey of Stolen Funds

The Ronin Bridge hack in March 2022 set the crypto world ablaze, with hackers siphoning off a staggering $625 million. The plot thickens as these digital bandits have made some interesting financial choices, swiftly transforming large amounts of Ether (ETH) into Bitcoin (BTC) using some of the most notorious privacy tools out there.

From Ether to Bitcoin: A Conversion Tale

It’s like watching a magician perform a sleight of hand, but with actual money involved. Initially, the stolen funds were converted into ETH before being shuffled off to the infamous Tornado Cash mixer, a platform now sanctioned due to its association with illicit activities. From here, the hackers directed their funds over to the Bitcoin network through the Ren protocol, exchanging their ETH for the more media-savvy BTC.

Who’s Hunting the Hackers? Meet ₿liteZero

With a digital magnifying glass in hand, investigator ₿liteZero has been peeling back the layers of this mystery. Working with SlowMist, he has mapped out the pathway of stolen funds. While some hackers prefer the shadows, ₿liteZero is out here illuminating the path taken by the Ronin hackers, who are widely believed to be part of the notorious Lazarus Group from North Korea.

Centralized Exchanges: The Final Stop?

On March 28, a mere five days post-hack, the hackers shifted 6,249 ETH to the centralized exchanges, primarily dropping a significant chunk at Huobi. It begs the question: are exchanges the last line of defense against hackers, or do they serve as a welcoming mat for them? These funds quickly transformed into BTC before being sent to the aforementioned privacy hot spots, Blender, and ChipMixer. Spoiler alert: It’s not looking good for the heroes in this story.

Why Sanctioned Tools? A Curious Choice

After transferring generous amounts to mixers with hefty reputations, it’s clear the hackers knew exactly how to avoid detection—or so they thought. ₿liteZero pointed out that most of Blender’s sanctioned addresses were used by the Ronin hackers. Seems like they might have taken the phrase “hiding in plain sight” a little too literally.

The Unraveling Mystery

As of August 22, the Ronin hackers managed to withdraw millions through Bitcoin privacy tools while keeping the vast majority of their procedure under wraps. With over 6,631 BTC distributed across various exchanges and protocols, the query remains: will justice eventually catch up to these elusive cyber bandits? One thing’s for certain—this epic saga has the crypto community on the edge of their seats, eagerly anticipating the next plot twist.