On March 23, hackers siphoned $540 million worth of Ether (ETH) and USD Coin (USDC) from the popular NFT-based game Axie Infinity to a digital wallet. By the time the exploit was publicly announced, the value of the crypto assets had risen to $620 million.
Not only had the North Korean hackers pulled off a brazen heist, but the value of the loot had increased 15% while they twiddled their thumbs. Things have moved at a rapid pace since then, and these bandits may end up with nothing as law enforcement officials start to work with players at every level in the crypto space to intercept this loot.
The hack was termed the Ronin Bridge Exploit because it targeted the bridge that connected the Axie Infinity blockchain to the Ethereum blockchain.
Bridge hacks have plagued the cryptosphere lately, claiming over $1 billion in stolen funds in the last year alone.
Stealing crypto is not the same as stealing cash
Stealing crypto is not like stealing fiat money. Whereas the proverbial bank robber can launder the loot to buy a 50-metre yacht, crypto thieves hit a dead-end when it’s time to cash out.
Every blockchain transaction is traceable to a wallet address and is publicly searchable on platforms such as Etherscan.
On April 14, the FBI named North Korea’s Lazarus Group as the hackers behind the Ronin Bridge Exploit. On the same day, the US Treasury’s Office of Foreign Assets Control (OFAC) put Lazarus Group, including its wallet address, on its Specially Designated Nationals sanctions list.
According to a blog post by cryptocurrency compliance firm Elliptic, such sanctions “prohibit US persons and entities from transacting with this address to ensure the state-sponsored group can’t cash out any further funds they continue to hold onto through US-based crypto exchanges.”
Mixing it up
To launder stolen crypto, thieves typically use something called a mixer, which is a decentralised protocol (a collection of smart contracts) that lets users send crypto – both dirty and clean – to the mixer. The dirty crypto gets mixed with the clean crypto, thereby obscuring where the outgoing crypto originally came from.
Think of it like scrambling eggs. You throw six large eggs in and get a bunch of little egg pieces coming out. There’s no way to tell which egg you’re eating in the end.
One of the most popular mixers is Tornado Cash which has no owners and no administrators. It also lets people withdraw crypto from a completely different address than the one they used when they deposited it.
The Ronin Bridge Exploiter’s wallet movements
On March 28, five days after the hack but one day before it was announced, money started to move out of the Ronin Bridge Exploiter’s wallet. There were three outbound transactions of 500 ETH ($167 145), the first at 14:30:38 UTC and the last at 14:36:18 UTC. This was followed by a 750 ETH transaction six hours later, and another two 750 ETH transactions in the following three hours. Slow and steady.
The outbound transactions were sent to different wallet addresses. Some of those addresses have since been labelled “Ronin Bridge Exploiter 2”, “Ronin Bridge Exploiter 3”, and so on.
From those addresses, the funds were initially transferred to Centralised Cryptocurrency Exchanges (CEXes) such as Huobi and FTX.
On March 29, the hackers dipped their toes a bit deeper and withdrew two amounts of 1 250 ETH, the last one at 2:37 UTC.
On the same day, the Ronin Network announced that it had been compromised.
The wallet went quiet for six days.
Where the money went
When the CEXes announced that they would work with law enforcement to establish the hackers’ identity, the hackers’ strategy shifted, Elliptic reported.
On April 4, money started to move again, first to an intermediate address, but then to the Tornado Cash anonymiser (which allows you to hide your identity) instead of the CEXes.
The first transaction was 1 000 ETH. Several days later, outbound transactions of slightly over 3 000 ETH started occurring, but no higher.
Every Tornado deposit from the intermediate addresses was no higher than 100 ETH — small eggs for the scrambled eggs mix.
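The transparency described earlier (every transaction is tied to an address and publicly searchable) is exactly what lets compliance teams follow funds hop by hop, and the deposit pattern just described (many same-sized deposits into a mixer from intermediate addresses) is a pattern they look for. The script below is an added example, not code from the article or from any of the firms it names. It runs over a constructed ledger whose addresses (`exploiter_1`, `intermediate_a`, `mixer_pool`, `cex_huobi` and the rest) are placeholder labels rather than real on-chain addresses; the amounts and timestamps are made up to mirror the article's narrative. It walks forward from a sanctioned seed address, stops expanding at a mixer contract (withdrawals from a pool cannot be tied to a specific deposit by the ledger alone, which is the whole point of a mixer), reports which exchange wallets received tainted funds, and flags depositors whose mixer deposits are all at or under a round cap.

```python
from collections import defaultdict, deque

# Constructed sample ledger; every address is a placeholder label, not a real
# on-chain address. Fields: (sender, receiver, amount_eth, utc_timestamp).
LEDGER = [
    ("exploiter_1", "exploiter_2", 500, "2022-03-28T14:30:38Z"),
    ("exploiter_1", "exploiter_3", 500, "2022-03-28T14:33:10Z"),
    ("exploiter_1", "exploiter_4", 750, "2022-03-28T20:31:02Z"),
    ("exploiter_2", "cex_huobi", 500, "2022-03-28T15:02:44Z"),
    ("exploiter_3", "cex_ftx", 500, "2022-03-28T15:10:09Z"),
    ("exploiter_4", "intermediate_a", 750, "2022-04-04T09:12:51Z"),
    ("intermediate_a", "mixer_pool", 100, "2022-04-04T10:00:00Z"),
    ("intermediate_a", "mixer_pool", 100, "2022-04-04T10:05:00Z"),
    ("intermediate_a", "mixer_pool", 100, "2022-04-04T10:10:00Z"),
    ("intermediate_a", "mixer_pool", 100, "2022-04-04T10:15:00Z"),
    ("retail_user", "mixer_pool", 1, "2022-04-04T11:00:00Z"),
    ("retail_user", "nft_marketplace", 2, "2022-04-05T08:00:00Z"),
]

# Assumed watchlists (placeholders): the sanctioned seed, known mixer
# contracts, and exchange deposit wallets.
SANCTIONED = {"exploiter_1"}
MIXER_CONTRACTS = {"mixer_pool"}
EXCHANGE_WALLETS = {"cex_huobi", "cex_ftx"}


def build_graph(ledger):
    """Adjacency list: sender -> [(receiver, amount, timestamp), ...]."""
    out = defaultdict(list)
    for sender, receiver, amount, ts in ledger:
        out[sender].append((receiver, amount, ts))
    return out


def trace_taint(ledger, seeds):
    """Forward breadth-first walk from the seed addresses.
    Returns {address: hops_from_seed}. A mixer contract is recorded as
    reached but never expanded: the ledger alone cannot link a pool
    withdrawal back to a particular deposit."""
    graph = build_graph(ledger)
    hops = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if addr in MIXER_CONTRACTS:
            continue
        for receiver, _amount, _ts in graph[addr]:
            if receiver not in hops:
                hops[receiver] = hops[addr] + 1
                queue.append(receiver)
    return hops


def mixer_deposits(ledger, tainted):
    """Deposits into a mixer contract that originate from a tainted address."""
    return [(s, amt, ts) for s, r, amt, ts in ledger
            if r in MIXER_CONTRACTS and s in tainted]


def structured_depositors(deposits, cap, min_count=3):
    """Addresses whose mixer deposits all sit at or under `cap` and number at
    least `min_count`: the steady stream of small, equal deposits described
    in the article. Returns {address: total_eth_deposited}."""
    per_addr = defaultdict(list)
    for sender, amount, _ts in deposits:
        per_addr[sender].append(amount)
    return {a: sum(v) for a, v in per_addr.items()
            if len(v) >= min_count and max(v) <= cap}


def exchanges_touched(ledger, tainted):
    """Exchange wallets that received tainted funds: the counterparties that
    can freeze balances and respond to law-enforcement requests."""
    return sorted({r for s, r, _a, _t in ledger
                   if s in tainted and r in EXCHANGE_WALLETS})


if __name__ == "__main__":
    tainted = trace_taint(LEDGER, SANCTIONED)
    deposits = mixer_deposits(LEDGER, tainted)
    print("tainted addresses by hop:", tainted)
    print("exchanges that received tainted funds:", exchanges_touched(LEDGER, tainted))
    print("structured mixer depositors:", structured_depositors(deposits, cap=100))
```

On the constructed ledger the walk tags the three first-hop addresses, the two exchange wallets and the intermediate address, reaches the mixer at hop three and stops there; `retail_user`, who also deposited into the same pool, is never tagged because taint only flows along edges out of the seed. The structuring check flags `intermediate_a` for four deposits of exactly 100 ETH, which is the kind of signal that gets a deposit route reviewed rather than proof of anything on its own.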
A convergence of catastrophes for the hackers
That cap of 3 000 ETH was obliterated on April 18 when the hackers transferred over 10 000 ETH out, worth almost $31 million at the time.
Two weeks earlier, that 10 000 ETH had been worth $5 million more.
Several factors converge here to paint a picture of what can only be described as desperation, or a sense of urgency, on the part of the hackers:
- First, the outing of Lazarus Group on April 14 and the resultant sanctions that CEXes must abide by.
- Second, on April 15, Tornado Cash announced in a tweet that it would also “block OFAC sanctioned addresses” from accessing Tornado.
- And third: ETH’s price had fallen by $500.
The hackers gave up their drip strategy and opted for a Niagara Falls approach to emptying the wallet. On April 19, one transaction removed over 18 000 ETH, worth $56 million at the time. Today, that amount of ETH barely scrapes past $31 million.
This was followed by a spate of even more massive withdrawals: 21 000 ETH on April 21, and 33 000 ETH on April 24 which, at the time, was worth nearly $100 million.
A month earlier, it had been worth $118 million. Today, it’s worth less than half of that at $58 million.
The wallet now has only 1.7 ETH left in it.
Although ETH’s freefall wouldn’t begin until May 7, the wallet’s value on April 16 was already $57 million weaker than at the start of April.
Today, the entire heist would be worth only $319 million, compared to the $620 million reported on March 29.
The crypto is gone from the original wallet, but the basic problem remains – how to turn it into hard cash. Even though the initial stash has been spread across dozens of new addresses, the chances of staying entirely hidden on a completely transparent, actively monitored protocol are slim, especially if the hackers want to cash out in a hurry.
R Paulo Delgado is a crypto writer with an eye for the bizarre and the human stories behind the always fascinating leaps and stumbles of this new asset class.