Share this article
Ronin Hackers Converted Some Stolen Ether to Bitcoin: SlowMist Researcher
The exploiters converted their ill-gotten gains initially to ether and then to bitcoin before using sanctioned mixers to mask their identities.
Updated May 11, 2023, 5:25 p.m. Published Aug 22, 2022, 10:00 a.m.
A researcher at security firm SlowMist has stated that the attackers behind this year’s $625 million Ronin bridge exploit converted part of their stolen funds from ether to bitcoin and used sanctioned privacy mixers to mask their identities further.
The March exploit affected Ronin validator nodes for Sky Mavis, the publisher of the popular Axie Infinity game, and the Axie DAO, with attackers stealing some 173,600 ether and 25.5 million in USDC.
STORY CONTINUES BELOW
The attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, according to a blog posted at the time, as previously reported.
SlowMist’s “blitezero” said in a tweet that some 6,249 ether converted by the attacker through Tornado Cash was sent to crypto exchange Huobi, where it was exchanged for bitcoin, and 5,028 ether was sent to FTX on March 28.
Read more: Ronin Attack Shows Cross-Chain Crypto Is a ‘Bridge’ Too Far
Some 439 bitcoin, or US$20.5 million at current rates, held at Huobi were then sent to bitcoin privacy tool Blender. Blender is a privacy tool that masks user addresses to make transactions more private and became the first-ever bitcoin mixer to get sanctioned by the U.S. government in May.
Blitezero added that most Blender addresses sanctioned by the U.S. government were the same deposit addresses used by Ronin hackers.
The hack was ultimately linked to the infamous North Korean hacker group Lazarus.
Meanwhile, the researcher added that over 113,000 ether sent to Tornado Cash was additionally converted to renBTC, a token on the Ethereum network that represents bitcoin, through decentralized exchanges Uniswap and 1inch. The renBTC was later transferred from Ethereum to Bitcoin and redeemed for spot bitcoin.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
El Salvador Partners with Elon Musk’s Grok in AI-Powered Education for 1M Students
The nation that first adopted bitcoin as legal tender is looking to pioneer AI-powered education in 5,000 Salvadoran schools with xAI’s Grok
What to know:
- El Salvador is partnering with Elon Musk's xAI to launch the world's first national AI-powered public education system.
- The initiative will deploy xAI's Grok chatbot to over 5,000 public schools, benefiting more than a million students and thousands of teachers.
- The project aims to create new AI datasets and frameworks for education, focusing on local context and responsible AI use.
Top Stories
