Report: Ronin Crypto Hackers Find New Mixer to Convert Stolen ETH to BTC

Hackers have more recently tapped ChipMixer, a crypto mixing service founded in 2017 that has not yet been added to OFAC’s blocked list

by Casey Wagner /
article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • Ronin bridge hackers moved funds to the Bitcoin network, new report shows
  • Lazarus Group has used various crypto mixing services to conceal funds, including one not yet targeted by OFAC

The hacking collective believed to be behind the $625-million Ronin bridge hack has transferred stolen ether into bitcoin using a cryptocurrency mixing service the US Treasury has not yet targeted, according to a new report. 

Newsletter

Subscribe to The Breakdown

Lazarus Group, initially sanctioned by the Office of Foreign Assets Control (OFAC) in 2019, has used OFAC sanctioned cryptocurrency mixing services Blender.io and Tornado Cash to attempt to move and conceal funds. 

Hackers have more recently tapped ChipMixer, a mixer founded in 2017 that has yet to be added to OFAC’s blocked list, according to the report  from blockchain security firm SlowMist. 

Learn: How Crypto Mixers and Privacy Coins Work

Lazarus Group converted 25.5 million USDC to ETH in March 2022. In the days that followed, hackers moved the ETH to various exchanges, including FTX and Crypto.com before withdrawing to the bitcoin network and mixing it through Blender.io, which the Treasury sanctioned in May. 

Between April and May, the group moved funds through Tornado Cash, which was added to OFAC’s blocked list earlier this month. 

Many of the funds were mixed through various services, the report said. Roughly half of the laundered bitcoins have been run through ChipMixer, according to SlowMist. 

“36.6% of laundered funds are currently held at the hacker’s address, totalling 2,586 BTC,” the report noted. “6.2% of funds laundered were moved to Blender, with 3.8% of laundered funds moved to CryptoMixer and a small percentage to other unknown entities.” 

The report comes as 2022 has seen an uptick in the use of crypto mixing services, which allow users to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds. 

The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a July report by Chainalysis — or roughly double the volumes at the same time in 2021.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Permissionless IV Hackathon

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

learn more

recent research

Research Report Templates.png

Research

Maple Finance: Institutional Lending

Maple Finance has successfully navigated significant market challenges through its strategic pivot to secured lending (Maple v2) and the launch of its Syrup product. Syrup has become a primary growth driver, delivering sustainable, outperforming stablecoin yields and rapidly increasing TVL. The upcoming custody-first Bitcoin staking product (istBTC) presents another significant avenue for expansion. Crucially, Maple has achieved operational profitability, a key inflection point that, combined with a fully vested token and active buyback mechanism, strengthens its investment case. While valuation metrics suggest potential undervaluation relative to peers and growth, the primary forward-looking risk identified is the long-term sustainability of its current high-take-rate collateral staking revenue model.

by Shaunda Devens

/

news

article-image

The DropWeb3

Pplpleasr’s streaming platform is back with 5 short films

The shorts looking for funding range from charming animated series to gritty live-action dramas

by Kate Irwin /
article-image

The Breakdown

A new look, and the crypto-ization of finance

Money, it turns out, is emergent, like consciousness

by Byron Gilliam /
article-image

Lightspeed NewsletterMarkets

SOL is up and memes are back

Bridge flows churn in both directions as risk appetite returns

by Jeff Albus /
article-image

Forward Guidance NewsletterMarkets

Big Tech stocks extend rally on Chinese tariff pause

Even with an uncertain outlook thanks to tariffs, Big Tech executives are still ramping up their AI investments

by Casey Wagner /
article-image

The DropWeb3

Yuga Labs sells CryptoPunks to new nonprofit in focus shift

The Infinite Node Foundation has $25 million in funding and plans to exhibit the Punks in Palo Alto

by Kate Irwin /
article-image

0xResearch NewsletterDeFi

Bitcoin derivatives hit Starknet and Sui

LBTC and sBTC integrations unlock new DeFi yields for BTC holders

by Macauley Peterson /