Поделиться этой статьей
Ronin Hackers Converted Some Stolen Ether to Bitcoin: SlowMist Researcher
The exploiters converted their ill-gotten gains initially to ether and then to bitcoin before using sanctioned mixers to mask their identities.
Автор Shaurya Malwa
A researcher at security firm SlowMist has stated that the attackers behind this year’s $625 million Ronin bridge exploit converted part of their stolen funds from ether to bitcoin and used sanctioned privacy mixers to mask their identities further.
The March exploit affected Ronin validator nodes for Sky Mavis, the publisher of the popular Axie Infinity game, and the Axie DAO, with attackers stealing some 173,600 ether and 25.5 million in USDC.
STORY CONTINUES BELOW
The attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, according to a blog posted at the time, as previously reported.
SlowMist’s “blitezero” said in a tweet that some 6,249 ether converted by the attacker through Tornado Cash was sent to crypto exchange Huobi, where it was exchanged for bitcoin, and 5,028 ether was sent to FTX on March 28.
Read more: Ronin Attack Shows Cross-Chain Crypto Is a ‘Bridge’ Too Far
Some 439 bitcoin, or US$20.5 million at current rates, held at Huobi were then sent to bitcoin privacy tool Blender. Blender is a privacy tool that masks user addresses to make transactions more private and became the first-ever bitcoin mixer to get sanctioned by the U.S. government in May.
Blitezero added that most Blender addresses sanctioned by the U.S. government were the same deposit addresses used by Ronin hackers.
The hack was ultimately linked to the infamous North Korean hacker group Lazarus.
Meanwhile, the researcher added that over 113,000 ether sent to Tornado Cash was additionally converted to renBTC, a token on the Ethereum network that represents bitcoin, through decentralized exchanges Uniswap and 1inch. The renBTC was later transferred from Ethereum to Bitcoin and redeemed for spot bitcoin.
Больше для вас
Что нужно знать:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Больше для вас
Solana’s Drift Launches v3, With 10x Faster Trades
With v3, the team says that about 85% of market orders will fill in under half a second, and liquidity will deepen enough to bring slippage on larger trades down to around 0.02%.
Что нужно знать:
- Drift, one of the largest perpetuals trading platforms on Solana, has launched Drift v3, a major upgrade meant to make on-chain trading feel as fast and smooth as using a centralized exchange.
- The new version will deliver 10-times faster trade execution thanks to a rebuilt backend, marking the largest performance jump the project has made so far.
Top Stories
