Reading time: ~2 m
According to blockchain data, addresses linked to the $625 million Ronin Bridge exploit show that more than $10 million worth of ether was in flux during Wednesday’s Asian morning hours.
This morning, one address was funded by the Ronin operator for 5505 ethers, with the funds coming from another wallet that was directly funded by the exploiter’s main address, blockchain data shows.
Starting Wednesday morning, the address sent ETH in batches of 100 coins to Tornado, the online privacy exchange. According to the data, more than 55 transactions were made.

The movement of the stolen cryptocurrency. (Etherscan)
The wallet contains just 3.4 ether worth over $7,000 at the time of writing, suggesting that most of the funds were transferred to Tornado and sold.
Tornado improves the privacy of transactions by breaking the link between the source and destination address. This allows exploiters and hackers to mask their addresses when withdrawing funds obtained illegally.
Wednesday’s moves followed an aggressive sale of stolen Ethere in early April, when exploiters transferred 21,000 ether over multiple transactions to Tornado. There was more than $65 million there at the time.
In March, the Ronin network was hit by a $625 million exploit that affected Ronin’s verification nodes for Sky Mavis, the publisher of the popular game Axie Infinity, and the Axie DAO. The attacker “used hacked private keys for fake withdrawals,” Ronin said in a blog post explaining the exploit.
U.S. officials have previously linked the exploiter’s address to the infamous North Korean group Lazarus.
#ETH #Ronins #million #exploit #began #moving