Axie Infinity hack: on the trail of the missing Ethereum


Elementary, my dear Watson! – On Tuesday, March 29, 2022, the play-to-earn game Axie Infinity fell victim to an unprecedented hack. Stripped of $625 million (the value of the loot at the time of the events) and relieved of 176,300 ethers (ETH), the blockchain and NFT community was shaken to its foundations. With everyone watching for the slightest movement, the alarm was raised yesterday when ethers were moved to one of the hacker's Ethereum addresses. Let's listen to what the blockchain tells us.

Fel Ronin Network

To conduct our investigation, we will start from the hacker's main address, labelled Ronin Bridge Exploiter.

Going back a few days, it is easy to see that the hacker used several accounts to disperse the funds held at this address. The screenshot below is just one example.

Ronin Bridge Exploiter – Source: Etherscan

We can clearly see funds being sent to other addresses, all of which, each in its own way, went on to disperse them to wallets at centralized exchanges (CEX). Let's take an example and track the 1250 ether sent to Ronin Bridge Exploiter 4. They are in turn split between two accounts: Ronin Bridge Exploiter 5 and 6.

Ronin Bridge Exploiter 4 sends funds to two other accounts.
Ronin Bridge Exploiter 4 – Source: Etherscan

Looking at Ronin Bridge Exploiter 5, we see a deposit of 599 ETH from number 4.

Three transfers follow. One is of 1 ETH and another of 15. The 1 ETH was sent to an account that then forwarded the funds to Crypto.com (a CEX), while the 15 ETH from the other transaction is still sitting in the wallet.

1 ETH is sent to a Crypto.com address
Hacker's address sending 1 ETH toward Crypto.com – Source: Etherscan

Finally, the third transfer. This is 583 ETH sent from number 4 to Ronin Bridge Exploiter 6. All funds that land in wallet 6 end up in Ronin Bridge Exploiter 7. The trail then reaches a dead end at Huobi 34 (another CEX).

Ronin Bridge Exploiter 7 sends us to the CEX Huobi 34.
Ronin Bridge Exploiter 7: transfers of 1233 ether – Source: Etherscan


The Axie Infinity Hack: An Ethereum Tornado

A few days pass. Binance secures its network with Ronin, and Axie Infinity plans a new version of its game. It is almost as if this famous hack were ancient history. Until yesterday.

Indeed, 2001 ETH suddenly moved from the address we called the main address. A new address then appears. Looking at the latest movements on the hacker's address, it made two transactions to Ronin Bridge Exploiter 8: one of 1000 and one of 1001.

Ronin Exploiter 8 Account – Source: Etherscan

The hacker then sent his war chest, in small batches of 100 ETH, to a Tornado Cash address. In the end, this approach seems less naive than sending funds to centralized exchanges.

Indeed, Tornado Cash is a non-custodial service that can be used anonymously: there is no identity check, and it does not apply KYC (know your customer). In addition, it breaks the chain of transactions on the Ethereum blockchain, which prevents complete traceability of the funds. In a nutshell, Tornado Cash puts the stolen tokens back into circulation and breaks the link they have with the hack: it's money laundering.
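The hop-by-hop tracing done above by hand on Etherscan amounts to a graph walk that stops at labelled services. The following is an added example, not part of the original article: the ledger is constructed from the amounts quoted in the text, and the short address names, the `trace` function, the label set and the count of twenty 100 ETH deposits are assumptions.

```python
from collections import defaultdict, deque

# Constructed ledger (sender, recipient, ETH) built from the amounts quoted in
# the article. Short names stand in for addresses; the hop names and the count
# of twenty 100 ETH deposits are assumptions.
TRANSFERS = [
    ("exploiter_4", "exploiter_5", 599),
    ("exploiter_4", "exploiter_6", 583),
    ("exploiter_5", "hop_a", 1),
    ("hop_a", "crypto_com", 1),
    ("exploiter_5", "hop_b", 15),          # never forwarded
    ("exploiter_6", "exploiter_7", 583),
    ("exploiter_7", "huobi_34", 583),
    ("main", "exploiter_8", 1000),
    ("main", "exploiter_8", 1001),
] + [("exploiter_8", "tornado_cash", 100)] * 20

# Assumed label set: services at which a naive trace has to stop.
LABELS = {"crypto_com": "cex", "huobi_34": "cex", "tornado_cash": "mixer"}


def trace(start, transfers=TRANSFERS, labels=LABELS):
    """Walk every transfer reachable from `start`, treating any output of a
    tainted address as tainted, and summarise where the trail ends."""
    outgoing = defaultdict(list)
    for src, dst, eth in transfers:
        outgoing[src].append((dst, eth))

    sinks = defaultdict(int)   # labelled service -> ETH received
    idle = defaultdict(int)    # unlabelled address that never spent -> ETH
    seen, queue = {start}, deque([start])
    while queue:
        addr = queue.popleft()
        for dst, eth in outgoing.get(addr, []):
            if dst in labels:
                sinks[dst] += eth          # trail ends at a CEX or mixer
            elif dst not in outgoing:
                idle[dst] += eth           # funds parked, worth monitoring
            elif dst not in seen:
                seen.add(dst)              # guard against cycles
                queue.append(dst)
    kinds = sorted({labels[name] for name in sinks})
    return {"sinks": dict(sinks), "idle": dict(idle), "kinds": kinds}


if __name__ == "__main__":
    for origin in ("exploiter_4", "main"):
        print(origin, trace(origin))
```

Starting from `main`, the walk ends at the mixer label, which is where address-following alone stops linking funds to the hack; starting from `exploiter_4`, it ends at exchange deposit addresses.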

While Binance had reopened its bridge and secured its network with Ronin, the mysterious hacker has resurfaced. The use of Tornado Cash contrasts with the first moves made through centralized exchanges. Behind what then seemed to be an error, we may be discovering the outline of a well-constructed plan. After all, as Sherlock Holmes pointed out: “Nothing is more deceptive than an obvious fact”.
