Five days after the historic attack on Ronin Bridge, the hackers have begun moving the stolen funds. The movements were reported by Chinese journalist Colin Wu and took place throughout this Monday (4).
According to data from the block explorer Etherscan, there were 24 transactions in the last four hours. The first of them moved 1,000 Ether (ETH). This was followed by another large transaction of 1,001 ETH.
Another 22 transactions moved around 100 ETH each, while two moved much smaller amounts (0.00001 ETH). All of them were sent from the hacker’s address to Tornado Cash, a service that mixes cryptocurrency transactions.
Transactions begin to be tracked
The hacker initially moved part of the funds to the FTX exchange. But since major platforms use identity verification (KYC) processes, this is not a good strategy.
In addition to FTX, exchanges such as Huobi and Crypto.com possibly received funds from the attack. All promised to act and investigate the accounts that received the transactions.
Therefore, the hackers changed their strategy and decided to hide the stolen funds before withdrawing them in fiat currencies. Transaction mixers serve this purpose: they hide the origin of the funds held at an address.
The use of mixers is not necessarily a crime, but the tool has been used by criminals to hide stolen funds, in a kind of modern money laundering. That’s why these tools are increasingly in the sights of the authorities.
“This is when privacy-focused blockchains fail and end up acting as ammunition for more stringent regulations that affect legitimate retail and institutional investors,” said the founder of Immutable Vision.
Tornado Cash is the main mixer used on the market. It provides private and anonymous transactions for ETH and ERC-20 tokens, breaking the association between source and destination addresses on the blockchain. This makes it more difficult to trace the origin of the transferred funds.
Understand the attack
The Ronin Bridge is a bridge that allows cross-transfers to and from the Axie Infinity ecosystem. In late March, the service fell victim to an attack that drained $620 million worth of ETH and the stablecoin USD Coin (USDC).
The attack took place when the hacker gained access to five of the nine nodes that authorized transactions on Sky Mavis, the company behind Axie Infinity. With control of the majority of the network, the attacker was able to authorize withdrawal transactions and send the funds to their own wallets.
This made it the biggest attack on a cryptocurrency protocol in history, and users accused Sky Mavis of negligence. This is because the attack took place on March 23, but was only discovered on the 29th, when a user tried to withdraw 5,000 ETH from Ronin and was unsuccessful.
Sky Mavis stated that it is fully committed to repaying the victims of the attack.