A group of investigators, led by Chainalysis’s Crypto Incident Response team, has recovered funds worth $30 million, almost 10% of what was stolen in the well-known Ronin hack.
The Ronin network lost $622 million (the value at the time of the announcement) to hackers on 23 March 2022. The funds were allegedly stolen by a North Korean hacker group that goes by the name Lazarus. The hack exploited the bridge connecting Axie Infinity and Ethereum.
This is the first time that crypto stolen by the North Korean troublemakers has been recovered. The recovery could be a sign that hackers will no longer find it easy to encash ill-gotten proceeds.
How did they trace the stolen funds?
As the hackers had used centralized setups, they left behind a footprint, which the recovery team was able to use to trace them. Chainalysis teamed up with law enforcement to recover the stolen funds.
Chainalysis’s response team utilized advanced techniques to follow the funds to specific cash-out zones. The liaison with law enforcement ensured that the traced funds were quickly frozen and eventually seized.
The numbers involved
At the time of the hack, the stolen crypto assets (173,600 wrapped ETH and 25.5 million USDC) were valued at $522 million. By the time the hack was made public, the value had gone up to $622 million, making the Ronin exploit one of the largest DeFi hacks. As of today, the stolen funds are valued at $307 million (courtesy of the crypto winter).
The Ronin network (bridge) was closed in June following the attack. All affected users were compensated with funds from Axie DAO, but that burnt a 56,000 ETH hole in the DAO’s treasury. The recovered funds will now be used to repay the DAO treasury.