Blockchain analysis firm Chainalysis said on Thursday that law enforcement had recovered $30 million in crypto stolen in the $625 million Ronin Bridge hack in March. According to Chainalysis, the North Korean-linked Lazarus Group behind the attack used sophisticated money laundering techniques, such as sending stolen Ether (ETH) to the crypto mixer Tornado Cash and swapping it for Bitcoin (BTC). However, the group recently turned away from such techniques after the US Treasury Department imposed some sanctions on Tornado Cash wallet addresses.
Chainalysis has revealed that Lazarus Group hackers are trying to launder stolen crypto through cross-chain transfers on legitimate decentralized finance platforms. “With Chainalysis tools, these cross-chain funds movements can be easily tracked,” the firm wrote, pointing to a transaction in which the hacked funds were bridged from Ethereum to the BNB Chain, then swapped for Tron’s stablecoin USDD, and eventually bridged to the BitTorrent blockchain.
The North Korea-backed Lazarus Group first used five of the nine private keys held by transaction validators for the Ronin Network’s cross-chain bridge. Having achieved majority consensus, the group approved two transactions that transferred 173,600 ETH and 25 million USD Coin (USDC) out of the Ronin Bridge, exhausting its holdings.
Binance was able to recover $5.8 million in funds related to the Ronin exploit after the incident. After just four months, the Ronin developers announced that the cross-chain bridge had returned following three inspections. Ronin’s developer, Sky Mavis, has raised over $150 million in a Binance-sponsored funding round to rebuild the protocol.