Report: Ronin Crypto Hackers Find New Mixer to Convert Stolen ETH to BTC

Hackers have more recently tapped ChipMixer, a crypto mixing service founded in 2017 that has not yet been added to OFAC’s blocked list

by Casey Wagner /

August 22, 2022 11:29 am

Blockworks exclusive art by axel rangel

key takeaways

Ronin bridge hackers moved funds to the Bitcoin network, new report shows
Lazarus Group has used various crypto mixing services to conceal funds, including one not yet targeted by OFAC

The hacking collective believed to be behind the $625-million Ronin bridge hack has transferred stolen ether into bitcoin using a cryptocurrency mixing service the US Treasury has not yet targeted, according to a new report.

Lazarus Group, initially sanctioned by the Office of Foreign Assets Control (OFAC) in 2019, has used OFAC sanctioned cryptocurrency mixing services Blender.io and Tornado Cash to attempt to move and conceal funds.

Hackers have more recently tapped ChipMixer, a mixer founded in 2017 that has yet to be added to OFAC’s blocked list, according to the report from blockchain security firm SlowMist.

Learn: How Crypto Mixers and Privacy Coins Work

Lazarus Group converted 25.5 million USDC to ETH in March 2022. In the days that followed, hackers moved the ETH to various exchanges, including FTX and Crypto.com before withdrawing to the bitcoin network and mixing it through Blender.io, which the Treasury sanctioned in May.

Between April and May, the group moved funds through Tornado Cash, which was added to OFAC’s blocked list earlier this month.

Many of the funds were mixed through various services, the report said. Roughly half of the laundered bitcoins have been run through ChipMixer, according to SlowMist.

“36.6% of laundered funds are currently held at the hacker’s address, totalling 2,586 BTC,” the report noted. “6.2% of funds laundered were moved to Blender, with 3.8% of laundered funds moved to CryptoMixer and a small percentage to other unknown entities.”

The report comes as 2022 has seen an uptick in the use of crypto mixing services, which allow users to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds.

The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a July report by Chainalysis — or roughly double the volumes at the same time in 2021.

Don’t miss the next big story – join our free daily newsletter.

Tags

Newsletter

Blockworks Daily

Upcoming Events

Digital Asset Summit 2024 | London

Hilton Metropole | 225 Edgware Rd, London

MON - WED, MARCH 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts Grow your network […]

buy tickets learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

learn more

recent research

Research

Frax V3: A Deep Dive

Frax saw continued development in its frxETH liquid staking derivative and Fraxlend money market throughout 2023. Frax V3 introduces an RWA strategy to drive utility to the protocol's cornerstone product, the FRAX stablecoin.

by 0xpibblez