KEY POINTS

  • The Ronin bridge of "Axie Infinity" was hacked on March 23
  • Sky Mavis discovered the hack on March 30
  • Hackers stole over $600 million worth of crypto

Malicious actors who siphoned off about $610 million in cryptocurrency from the Ronin bridge of the play-to-earn game "Axie Infinity" on March 23 have started moving the massive loot.

The blockchain address flagged as being involved in one of the largest crypto heists has made several transactions on Monday. The first movement was the transfer to another address of 1,000 ETH valued at around $3.5 million.

Multiple other transactions consisting of transfers of 100 ETH followed. All these transactions ended up in the Tornado Cash Ethereum mixing service. Essentially, mixers are private third-party tools developed to help users maintain their anonymity.

Axie Infinity
Axie Dev Update - January 2022 YouTube Screenshot/Axie Infinity YouTube Channel

These movements were noticed by Chinese crypto analyst Colin Wu, who shared the details on Twitter Monday. "The address of the hacker who stole $610 million in the Ronin_Network case began to move, transferring 1000 ETH to another address and then 200 ETH to TornadoCash," Wu said.

As of 5:41 a.m. ET on Tuesday, the blockchain address has a balance of 0.108801866288846024 ETH, which is valued at around $384.16 (@ $3,530.79/ETH). In other words, malicious actors have already transferred almost all the stolen funds.

The hack happened on March 23 but was only discovered on March 30. Hackers stole 173, 600 Ethereum and 25.5 million USDC stablecoins.

Hackers will most likely try to confound the transactions several times before finally cashing out into fiat somewhere. They can withdraw all of these stolen Ether and convert them to fiat but only through major centralized exchanges with stable standing and sufficient liquidity.

However, they will have a hard time approaching any exchanges to cash in their haul. Currently, exchanges have increased efforts to know their customers through Know Your Customer (KYC) procedures.

Aside from that, the Ethereum addresses used by the malicious actors, as well as their movements, are being recorded on a black list. With this mark, no major exchange will consider them.

It is highly likely that if the hackers move the funds to an exchange, the funds would be seized. Sky Mavis, the team behind the popular play-to-earn game "Axie Infinity" has since stated that it is "fully committed" to reimburse the victims of the massive heist.