Addresses connected to Ronin Bridge’s $625 million exploit show upward of $10 million worth of ether were on the move in Asian morning hours on Wednesday, as per blockchain data.
Beginning Wednesday night at 6:00 am, the address was sent ether in batches 100 to Tornado. Tornado is an on-chain privacy platform. More than 55 transactions were completed, according to the data shows.
The wallet contains just 3.4 ether – valued at over $7,000 – at writing time, suggesting most of the funds were transferred to Tornado and sold.
Tornado increases the privacy of transactions by breaking down the on-chain link that links a source address and a destination. This allows hackers and exploiters hide their addresses while stealing illicitly acquired funds.
Wednesday’s moves follow the aggressive selling of stolen ether in early April when the exploiters moved as much as 21,000 ether over several transactions to Tornado. The stash was valued at over $65 million at the time.
A $625 million exploit was discovered in March on Ronin Network. It affected Ronin validator Nodes for Sky Mavis (publisher of the Axie Infinity and Axie DAO) and Ronin Network. The attacker “used hacked private keys in order to forge fake withdrawals,” Ronin said in a blog post at the time, explaining the exploit.
U.S. officials previously tied the address of the exploiter to North Korea’s infamous “Lazarus” group. CoinDesk independently confirmed the sanctioned addresses were linked to Ronin exploiters, as reported.