Ronin Exploiter Moved 21,000 Ether to Tornado Cash in Past Week


The entity behind Ronin’s unprecedented $655 million exploit in March has apparently moved tens of millions worth of stolen ether (ETH) through privacy protocol Tornado Cash in the past week, blockchain data from addresses connected to the exploiter show.

  • Activity over the past week from the exploiter’s main address – tagged Ronin Bridge Exploiter on tracking service Etherscan – apparently shows that over 21,000 ether was moved in several transactions to different wallets.
  • Data show these funds were then moved to privacy exchange Tornado Cash. The exploiter seemed to have made several trades of 100 ether each from all those wallets, data apparently shows.

Transfers to Tornado Cash were done in amounts of 100 ether, as this wallet show. (Etherscan)

  • The funds moved to Tornado Cash are worth upward of $65 million at current prices.
  • Tornado enhances the privacy of transactions by breaking the on-chain link between a source and a destination address. This allows exploiters and hackers to mask their addresses while withdrawing illicitly gained funds.
  • Transfer amounts out of the main wallet range from 1,000 ether to this morning’s 3,202 ether, the highest so far.
  • Some wallets, such as 0xdf225C84A0eAEAaAC20E6C1d369e94EE13B9dF2A, saw multiple ether deposits from the exploiter. Others like 0x429a66e7bD829F9453CEE5239Bfeaf5657A11A3e have seen just one deposit.
  • The main wallet continues to hold upwards of 151,055 ether, worth $461 million at current prices, at the time of writing.
  • Ronin Network was hit by a $625 million exploit in March that affected Ronin validator nodes for Sky Mavis, the publisher of the popular Axie Infinity game, and the Axie DAO.
  • The attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, as seen on Etherscan, Ronin said in a blog post on Substack.
Related Serial