Hackers who stole over $615 million in the Ronin Network exploit have already moved over $114 million worth of Ethereum.
Cover art/illustration via CryptoSlate
Almost a month ago, Ronin Network, the side-chain built to scale Axie Infinity was exploited by hackers who made off with over $615 million worth of ETH.
The hackers seem to have cashed in 28,164 ETH out of the 173,000 ETH stolen in the Ronin Bridge attack, with a current market value of $86,128,384.73.
The attackers had initially moved over 2000 ETH ($6 million) 2 weeks ago, and now the hackers are on the move again.
The image below, taken from Reddit, shows a list of outgoing transactions related to the wallets involved in the exploit.
Reddit user ThatGuy222666 has been keeping track of the main wallet since the Ronin Bridge was exploited. It looks like the attackers are using multiple wallets to deposit the ETH into Tornado Cash, a crypto mixer that allows users to disguise their digital trail on the Ethereum blockchain.
According to the image below, it takes the hackers 4-6 hours to empty each new wallet of 100 ETH.
There are outliers, such as this wallet, to which the attacker sent 10,000 ETH over a day ago.
Whoever the exploiter is, the quantity of ETH transferred is constantly increasing.
“The most baffling part of the whole situation to me, is that 327 different wallets have actually sent this person small quantities of ETH in the hope he shares the wealth.” the Reddit user said.
Reddit user ThatGuy222666 continued to say: “I have never been so intrigued with a random person on the internet, This whole situation blows me away.”
The Reddit user finished off by saying:
“I plan on continuing to track where all this ETH goes purely out of curiosity, the absolute magnitude of this exploit is too much for my little brain to comprehend.”
The Reddit poster believes that the attack was carried out by a single person who may be moving the funds slowly to avoid detection.
According to the Reddit post, the address “was on a US watchlist before the exploit” and was “linked to North Korea.” However the savvy user still believes the attack was carried out by 1-2 users.