How Did the Lazarus Group Use Sanctioned Mixers to Get away with 625M Worth of Crypto?

Estimated read time 4 min read

Crypto worth 625 million stolen on March 23rd without anyone noticing, Lite zero the On-chain investigator states.

The Ronin hackers transfer funds belonging to individuals from ETH into BTC by using Bitcoin privacy tools , chip mixer and blender.

The US sanctioned a cryptocurrency mixer in May this year.  The mixing service is mostly used by hackers. The Lazarus group used it to  transfer Cryptocurrency stolen from the Ronin bridge. Cyber crime gangs use the mixers for illicit proceeds as it is hard to trace their hacking steps.The mixers are considered as a high risk by Virtual currency firms.

Cryptocurrency Mixers, also known as tumblers, obfuscate cryptocurrency transactions by creating a disconnect between the funds a user deposits and the funds the user withdraws. To do this, mixers pool funds deposited by large numbers of users and randomly mix them.

Mixers like Tornado Cash are allegedly used often by criminals to launder money. While most private-by-default chains remain uncracked by government agencies, they are not smart contract blockchains like Ethereum, and are thus unattractive or impossible targets for hackers. North Korea is once again involved in cyber crime.


The hackers continue to spread out the stolen funds using Bitcoin privacy tools such as Chain case (iOS Wallet ) and Join Market (coin join). This was done with an aim of remaining anonymous ·

Who hacked the bridge ?

The Ronin Bridge hack took place March 23rd but it was only discovered a week later. The Federal Bureau of investigation said  that The Lazarus Group, a prolific hacking team run by the North Korean government, is responsible for the March 2022 hack of the cryptocurrency platform.The FBI also added  the addresses of four wallets used by Lazarus Group to launder some of the stolen funds to its List.

 The hackers stole $620 million in the cryptocurrency Ethereum from the Ronin network. This is an eye-catching number in almost any context.  Hackers have moved beyond stealing corporate and government secrets and defacing web pages to something more lucrative: stealing actual cash and credit .

How was Ronin network hacked?
The Bridge was accessed through a game developer Sky Mavis. He is the  creator of the popular play-to-earn nonfungible token game Axie Infinity .The organization had been indefinitely whitelisted after helping process a surge in transactions. Sky Mavis raised 150 million to reimburse users that had  lost money in the exploit. Binance was able to recover 5.8 million of the money from 86 accounts.
The con culminated in one senior engineer clicking a PDF that contained  the official offer — it is at this point that the hackers first compromised the engineer’s computer.  The four of the nine nodes used to validate financial transactions on Sky Mavis’ Ronin blockchain were then interrupted .
 The on -chain investigator Lite Zero says
The hackers have spread out stolen funds across multiple centralized and decentralized platforms ,  the mystery is yet to be revealed and the investigation is in process .
The Korean cyber crime organisation had earlier  transferred  just a portion of the fund (6,249 Ether ) to centralized exchanges including Huobi (5,028 Ether ) and FTX (1,219 Ether) on Mar. 28 After investigations 6249 Ether .
After some investigation it was revealed that . 6249 ETH had  been converted into Bitcoin. The hackers then transferred 439 BTC($20.5 million) to Bitcoin privacy tool Blender, which was also sanctioned by the US treasury on May 6. 
The developers are currently working on a security upgrade and plan to increase the number of validator groups to 21 in the next three months before making the Ronin Bridge live again. Many in the crypto community believed that the hacker behind the Ronin Bridge exploit would eventually return the funds.

You May Also Like

More From Author

+ There are no comments

Add yours