Report: Ronin Crypto Hackers Find New Mixer to Convert Stolen ETH to BTC

Hackers have more recently tapped ChipMixer, a crypto mixing service founded in 2017 that has not yet been added to OFAC’s blocked list

by Casey Wagner /
article-image

Blockworks exclusive art by axel rangel

share
  • Ronin bridge hackers moved funds to the Bitcoin network, new report shows
  • Lazarus Group has used various crypto mixing services to conceal funds, including one not yet targeted by OFAC

The hacking collective believed to be behind the $625-million Ronin bridge hack has transferred stolen ether into bitcoin using a cryptocurrency mixing service the US Treasury has not yet targeted, according to a new report. 

Lazarus Group, initially sanctioned by the Office of Foreign Assets Control (OFAC) in 2019, has used OFAC sanctioned cryptocurrency mixing services Blender.io and Tornado Cash to attempt to move and conceal funds. 

Hackers have more recently tapped ChipMixer, a mixer founded in 2017 that has yet to be added to OFAC’s blocked list, according to the report  from blockchain security firm SlowMist. 

Newsletter

Subscribe to The Breakdown

Learn: How Crypto Mixers and Privacy Coins Work

Lazarus Group converted 25.5 million USDC to ETH in March 2022. In the days that followed, hackers moved the ETH to various exchanges, including FTX and Crypto.com before withdrawing to the bitcoin network and mixing it through Blender.io, which the Treasury sanctioned in May. 

Between April and May, the group moved funds through Tornado Cash, which was added to OFAC’s blocked list earlier this month. 

Many of the funds were mixed through various services, the report said. Roughly half of the laundered bitcoins have been run through ChipMixer, according to SlowMist. 

“36.6% of laundered funds are currently held at the hacker’s address, totalling 2,586 BTC,” the report noted. “6.2% of funds laundered were moved to Blender, with 3.8% of laundered funds moved to CryptoMixer and a small percentage to other unknown entities.” 

The report comes as 2022 has seen an uptick in the use of crypto mixing services, which allow users to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds. 

The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a July report by Chainalysis — or roughly double the volumes at the same time in 2021.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates (27).png

Research

Solana DEX Winners: All About Order Flow

Solana's spot trading landscape will remain bifurcated: prop AMMs will own the short-tail of highly liquid pairs, while passive AMMs continue drifting toward the long-tail. Both can win via vertical integration, but in opposite directions: passive AMMs are moving closer to users through token issuance platforms (e.g., Pump-PumpSwap, MetaDAO-Futarchy AMM), while prop AMMs are moving down the stack into transaction landing services and infrastructure (e.g., HumidiFi-Nozomi). The venues most at risk are legacy AMMs with limited end-user control and no durable, launch-driven source of order flow.

by Carlos Gonzalez Campo

/

news

article-image

0xResearch NewsletterMarkets

DePIN and crypto gaming led a surprising end-of-year rebound

BTC finished the week up 1.6%, while L2s, RWAs and the treasury trade continued to grind lower

by Kunal Doshi /
article-image

0xResearch NewsletterDeFi

Canton’s $6T RWA rails and Lighter’s Hyperliquid multiple

DTCC moves DTC-custodied Treasuries onchain via Canton, while Lighter’s LIT launches trading at a fees multiple in Hyperliquid territory

by Kunal Doshi&Shaunda Devens /
article-image

The Breakdown

The long wait for crypto’s “coffee pot” moment

In the 90s, rapt audiences worldwide watched a coffee pot — will that fascination ever turn to crypto?

by Byron Gilliam /
article-image

DeFiThe Breakdown

Failure is an option in crypto finance

Some systems improve by failing — and crypto has no choice

by Byron Gilliam /
article-image

0xResearch Newsletter

Yield Basis is making native BTC yield a reality

Yield Basis introduces an IL-free AMM design that already dominates BTC DEX liquidity

by Marc Arjoon /
article-image

The Breakdown

Users are the best investors to have

Maybe tokenholders don’t need the rights that corporate shareholders have come to expect

by Byron Gilliam /

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Blockworks Research

Unlock crypto's most powerful research platform.

Our research packs a punch and gives you actionable takeaways for each topic.

SubscribeGet in touch

Blockworks Inc.

133 W 19th St., New York, NY 10011

Blockworks Network

NewsPodcastsNewslettersEventsRoundtablesAnalytics

Company

AboutAdvertiseCareersTrust & EthicsPrivacyGlossaryContact