Ronin exploiter moved 21,000 stolen Ether to Tornado Cash in the last week

According to blockchain data from addresses linked to the exploiter, the entity behind Ronin's $655 million exploit in March has presumably moved tens of millions of dollars worth of stolen Ether (ETH) through Tornado Cash in the last week.


Ronin hacker moved the stolen crypto

Over 21,000 ETH was allegedly moved in multiple transactions to different wallets from the exploiter's main address – dubbed Ronin Bridge Exploiter on tracking service Etherscan – over the past week.


These funds were then transferred to Tornado Cash, according to data. Data appears to reveal that the exploiter performed many trades of 100 ETH each from each of those wallets.


At current values, the monies transferred to Tornado Cash are valued upwards of $65 million.



Tornado improves transaction privacy by severing the on-chain connection between a source and a destination address. This helps exploiters and hackers to hide their identities while withdrawing monies obtained illegally.


The sums transferred out of the primary wallet range from 1,000 ether to 3,202 ETH this morning, the biggest so far.


This wallet 0xdf225C84A0eAEAaAC20E6C1d369e94EE13B9dF2A, received multiple ether deposits from the exploiter. And some wallets like 0x429a66e7bD829F9453CEE5239Bfeaf5657A11A3e got just one deposit.


At the time of writing, the main wallet held upwards of 151,055 ETH, worth $461 million at current pricing.


In March, the Ronin Network was struck by a $625 million exploit that targeted Sky Mavis, the publisher of the popular Axie Infinity game, and the Axie DAO's Ronin validator nodes.


According to Ronin's blog post on Substack, the attacker "used hacked private keys to generate bogus withdrawals" from the Ronin bridge spanning two transactions, as visible on Etherscan.