Axie Infinity Ronin Bridge Hacker has already moved 38,293 ETH ($114.8 million)

Work from Home Secrets

Almost a month ago, Ronin Network, the side-chain built to scale Axie Infinity was exploited by hackers who made off with over $615 million worth of ETH.

The hackers seem to have cashed in 28,164 ETH out of the 173,000 ETH stolen in the Ronin Bridge attack, with a current market value of $86,128,384.73.

The attackers had initially moved over 2000 ETH ($6 million) 2 weeks ago, and now the hackers are on the move again.

The image below, taken from Reddit, shows a list of outgoing transactions related to the wallets involved in the exploit.

ronin attack - outgoing transactions
Outgoing transactions from wallets associated with the Axie Infinity Ronin Bridge attack

Reddit user ThatGuy222666 has been keeping track of the main wallet since the Ronin Bridge was exploited. It looks like the attackers are using multiple wallets to deposit the ETH into Tornado Cash, a crypto mixer that allows users to disguise their digital trail on the Ethereum blockchain.

According to the image below, it takes the hackers 4-6 hours to empty each new wallet of 100 ETH.

4-6 hours to empty new wallets
It takes the attackers 4-6 hours to empty each wallet of 100 ETH – image taken from Reddit post.

There are outliers, such as this wallet, to which the attacker sent 10,000 ETH over a day ago.

the biggest eth move
The biggest ETH move made by the hackers at the time.

Whoever the exploiter is, the quantity of ETH transferred is constantly increasing.

“The most baffling part of the whole situation to me, is that 327 different wallets have actually sent this person small quantities of ETH in the hope he shares the wealth.” the Reddit user said.

wallets that have sent eth to the exploiter
Wallets that have sent ETH to the hacker

Reddit user ThatGuy222666 continued to say: “I have never been so intrigued with a random person on the internet, This whole situation blows me away.”

The Reddit user finished off by saying:

“I plan on continuing to track where all this ETH goes purely out of curiosity, the absolute magnitude of this exploit is too much for my little brain to comprehend.”

The Reddit poster believes that the attack was carried out by a single person who may be moving the funds slowly to avoid detection.

According to the Reddit post, the address “was on a US watchlist before the exploit” and was “linked to North Korea.” However the savvy user still believes the attack was carried out by 1-2 users.

How to Start an Online Business

Leave a Reply

Your email address will not be published. Required fields are marked *