The North Korean hacking group Lazarus, which stole $625 million worth of crypto from Axie Infinity, allegedly used the Ren Bridge protocol and the sanctioned crypto mixers Blender and ChipMixer to launder the stolen ETH tokens and USDC coins, according to a report published by Blite Zero, a researcher at the crypto security research firm SlowMist.
Ronin Bridge Hack
On March 23, 2022, the Lazarus group siphoned around 173,600 ETH and 25,500,000 USDC out of the Ronin Bridge, an Ethereum sidechain built for the popular play-to-earn (P2E) non-fungible token game Axie Infinity, after exploiting a validator node vulnerability.
The hackers then converted the stolen USDC coins to ETH and then transferred 6,249 ETH to crypto exchanges like Huobi, FTX, and crypto.com, the report posted on Twitter said.
On March 29, 2022, the hackers withdrew Bitcoin (BTC) from the exchanges' custodial wallets to the BTC network and laundered some of it through Blender. Most of the stolen funds (175,000 ETH) were sent to Tornado Cash between April 4 and May 19.
Following that, the hackers used the decentralised exchanges Uniswap and 1inch to convert about 113,000 ETH to renBTC (a wrapped version of BTC), and then used Ren's decentralised cross-chain bridge to transfer the assets from Ethereum to the Bitcoin network and unwrap the renBTC into BTC.
RenBTC is part of the Ren Protocol project, which allows a decentralized representation of Bitcoin inside Ethereum. The Ren project aims to create a token backed by BTC. The hackers then transferred 439 BTC to Blender, a sanctioned crypto mixer. Blender addresses were sanctioned by the US Department of the Treasury on May 6, on the grounds that the crypto mixer assisted the Ronin Bridge hackers in laundering over $20 million in stolen funds.
Approximately 6,631 BTC were transferred from Blender to several centralised exchanges and decentralised protocols.
When I scanned bitcoin transactions (April 7 ~ May 14) for withdrawals from Ronin hackers, I came to the following conclusions:
After withdrawing from ChipMixer, half of the funds were deposited to Blender. pic.twitter.com/eX12fC04GO
— ₿liteZero (@blitezero) August 20, 2022
Scans of Bitcoin transactions between April 7 and May 14 indicate that more than half of the funds were transferred to ChipMixer. According to Blite Zero, the hackers' next move will be more complex. Although Blite Zero has traced the money to ChipMixer and Blender, he has not disclosed the wallet addresses. It is unclear how the stolen funds can be recovered, even if they have been located on the blockchain. Unless the wallet owner gives up the funds, no one can retrieve them, and the only solution is to put sanctions on the wallet addresses.
Recently, Vitalik Buterin, the Russian-born ETH founder, said that he wanted to punish validators who were complying with censorship requests.