It’s been over ten days since Ronin Bridge fell victim to the largest DeFi hack in history. Today, the lost ETH from the hack has started leaking out of the suspected thief’s wallet.
Covering His Tracks
According to on-chain data from Etherscan, the exploiter’s addresses conducted multiple transactions between themselves earlier today. In two batches, the hacker’s original address sent 2000 ETH to a new address flagged “Ronin Bridge Exploiter 8”. The new address subsequently sent 20 batches of 100 ETH each to “Tornado Cash” – an Ethereum-based mixer.
A “mixer” is an anonymizing service that helps break the on-chain tie between a crypto holder’s sending and receiving address. It works by obfuscating one’s crypto with a larger pile from others that are using the service. The same service has been used by multiple criminals in the past, including during the “Squid Game” token rug pull.
However, as noted by Chainalysis co-founder Jony Levin, the daily liquidity value of mixing services globally is about $30 million. At current prices, that’s only around 10,000 ETH.
As such, trying to mix thousands of Ethereum at once wouldn’t prove very effective. Hackers therefore need to break their funds down into smaller batches before mixing in order to cover their tracks effectively.
Though the hacker remains unidentified, he will struggle to cash out his funds if they reside within a flagged address. If he were to interact with a regulated, KYC/AML-compliant exchange using that address, he would likely expose himself.
Even DeFi exchanges – known for being ‘permissionless’ and extra private – are becoming less welcoming to illegal actors. For example, Chainalysis now provides free industry tools for DeFi exchanges to automatically detect addresses connected to global sanctions lists.
Yet this hacker appears to have been particularly lucky on that front. Ronin did not notice its blockchain bridge had been drained until a week after the hack. This allowed the thief to deposit considerable sums of money to the FTX exchange without being caught.
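The transfer pattern described in this section (a flagged address funding a fresh address, which then makes repeated same-sized deposits into a mixer) is the kind of on-chain behaviour a monitoring team can screen for. The Python below is an added example, not code from this article or from any analytics vendor; the address labels, sample transfers and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: placeholder labels stand in for real addresses.
FLAGGED = {"exploiter_original"}   # addresses already labelled as holding stolen funds
MIXERS = {"mixer_pool"}            # known mixer deposit contracts (assumed label set)

# (sender, receiver, amount in ETH), oldest first
TRANSFERS = [
    ("exploiter_original", "fresh_address", 1000),
    ("exploiter_original", "fresh_address", 1000),
    *[("fresh_address", "mixer_pool", 100) for _ in range(20)],
    ("unrelated_user", "mixer_pool", 100),
    ("unrelated_user", "exchange_wallet", 5),
]

def trace(transfers, flagged, mixers, max_hops=3):
    """Follow funds forward from flagged addresses, in transfer order.

    Simple "poison" tainting: any address paid by a tainted address becomes
    tainted, up to max_hops away. Mixer contracts are never tainted, because
    withdrawals from the pool cannot be tied to a specific deposit.
    Returns (hops per tainted address, mixer deposit counts per sender).
    """
    hops = {addr: 0 for addr in flagged}
    deposits = defaultdict(lambda: defaultdict(int))  # sender -> amount -> count
    for sender, receiver, amount in transfers:
        if sender not in hops:
            continue
        if receiver in mixers:
            deposits[sender][amount] += 1
        elif receiver not in hops and hops[sender] < max_hops:
            hops[receiver] = hops[sender] + 1
    return hops, deposits

def batched_mixer_alerts(transfers, flagged, mixers, min_repeats=5, max_hops=3):
    """Report tainted addresses that repeat same-sized deposits into a mixer."""
    hops, deposits = trace(transfers, flagged, mixers, max_hops)
    alerts = []
    for sender, by_amount in deposits.items():
        for amount, count in by_amount.items():
            if count >= min_repeats:
                alerts.append({"address": sender, "hops": hops[sender],
                               "amount": amount, "count": count,
                               "total": amount * count})
    return alerts

if __name__ == "__main__":
    for alert in batched_mixer_alerts(TRANSFERS, FLAGGED, MIXERS):
        print(alert)
```

Poison tainting over-approximates: it flags every address paid by a tainted one, so real screening would weigh amounts and hop distance before acting on an alert.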
The Biggest DeFi Hack
The Ronin Bridge hack last month compromised 173,600 ETH, alongside 25.5M USDC. At today’s price, that’s over $630 million in crypto.
The hack was nearly double the size of the similar Solana bridge hack which took place in February. It’s also the first to outdo the PolyNetwork exploit from last year, which stole $600M from victims in ETH, BNB, and MATIC. Unlike that time, the hacker has not made plans to return the funds.
Nevertheless, Sky Mavis – the company behind Axie Infinity, which operates on Ronin – promises to compensate victims.