Report: Ronin Crypto Hackers Find New Mixer to Convert Stolen ETH to BTC
Hackers have more recently tapped ChipMixer, a crypto mixing service founded in 2017 that has not yet been added to OFAC’s blocked list
Blockworks exclusive art by axel rangel
key takeaways
- Ronin bridge hackers moved funds to the Bitcoin network, new report shows
- Lazarus Group has used various crypto mixing services to conceal funds, including one not yet targeted by OFAC
The hacking collective believed to be behind the $625-million Ronin bridge hack has transferred stolen ether into bitcoin using a cryptocurrency mixing service the US Treasury has not yet targeted, according to a new report.
Lazarus Group, initially sanctioned by the Office of Foreign Assets Control (OFAC) in 2019, has used OFAC sanctioned cryptocurrency mixing services Blender.io and Tornado Cash to attempt to move and conceal funds.
Hackers have more recently tapped ChipMixer, a mixer founded in 2017 that has yet to be added to OFAC’s blocked list, according to the report from blockchain security firm SlowMist.
Learn: How Crypto Mixers and Privacy Coins Work
Lazarus Group converted 25.5 million USDC to ETH in March 2022. In the days that followed, hackers moved the ETH to various exchanges, including FTX and Crypto.com before withdrawing to the bitcoin network and mixing it through Blender.io, which the Treasury sanctioned in May.
Between April and May, the group moved funds through Tornado Cash, which was added to OFAC’s blocked list earlier this month.
Many of the funds were mixed through various services, the report said. Roughly half of the laundered bitcoins have been run through ChipMixer, according to SlowMist.
“36.6% of laundered funds are currently held at the hacker’s address, totalling 2,586 BTC,” the report noted. “6.2% of funds laundered were moved to Blender, with 3.8% of laundered funds moved to CryptoMixer and a small percentage to other unknown entities.”
The report comes as 2022 has seen an uptick in the use of crypto mixing services, which allow users to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds.
The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a July report by Chainalysis — or roughly double the volumes at the same time in 2021.
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
- Empire: Start your morning with the top news and analysis to inform your day in crypto.
- Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
- 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
- Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
- The Drop: For crypto collectors and traders, covering apps, games, memes and more.
- Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
