The hackers who stole more than USD 600 million in ether (ETH), after an attack on the Ronin network from the video game Axie Infinity, have been extracting their loot little by little, although they have done so through a mixer to make it difficult to trace funds.

Shortly after the theft of the bridge that connects the Ronin network with the Ethereum main chain was made public, the perpetrators of this attack they started moving small parts of the ill-gotten ether to accounts related to Tornado Cash.

Tornado Cash is a tool that mixes the cryptocurrencies it receives through a smart contract, which acts as an intermediary between the origin and destination addresses. The purpose of this service is to promote the privacy of transactions on networks such as Ethereum, Polygon and Binance Smart Chain, among others.

Until now, hackers have mined almost 30,000 ethers from your account through Tornado Cash. This amount is equivalent to about USD 90 million, according to the price of ETH today in the cryptocurrency market.

It should be noted that hackers have had to use alternate accounts to withdraw funds, thanks to the fact that the United States Department of the Treasury sanctioned the main account. This further limits the mobility of capital directly from that account.

The account directly related to the Ronin network attack has a pink tag identifying it as a reported address. Source: etherscan.

Some of the alternate addresses hackers have been using have also been identified as Ronin Bridge Exploiter on Etherscan, the Ethereum chain explorer.

Cryptocurrency mixers can make tracking a transaction quite difficult, however, they do not make it an impossible task. For that reason, Tornado Cash administrators are using a tool provided by the Chainalisys platform, which helps track transactions in these cases. This type of tool is known as an oracle.

The tracking oracle designed by Chainalisys can be used for free, although it has its limitations. Roman Semenov, one of the co-founders of Tornado Cash, stated through his account on Twitter that he applied to acquire the paid services of the aforementioned research firm, but until that moment he had not received a response in this regard.

The FBI claims that the hackers of the network that hosts Axie Infinity are from North Korea

Last Thursday, April 14, the FBI attributed the attack on the Ronin network of the video game Axie Infinity to a group of North Korean hackers known as Lazarus Group. This organization has been responsible for some of the most renowned attacks in recent years, such as the Sony hack and the Wannacry ransomware.

Until now There has been no official statement from the Lazarus Group acknowledging its responsibility in the cyberattack. to the bridge of the Ronin network, developed by the company Sky Mavis.

For the worst possible outcome of this situation, in which funds are not recovered and the wrongdoers are not caught, Sky Mavis has already executed a plan B to ensure that the company continues to operate. and that its investors can recover their money.

It is a financing round in which several companies participated, among which the Binance exchange stood out, which already had a close relationship with the video game platform.

The aforementioned round of financing allowed the creators of Axie Infinity to recover USD 150 million, to which they will add part of their treasure to repay the funds extracted from the Ronin network bridge with the hack. In this way, as soon as the bridge is reopened, users will be able to dispose of all their funds, if they wish.

Sky Mavis reported on the official blog of the Ronin network that the reopening of the bridge that communicates with the main chain of Ethereum could be reopened at the end of April, once the work to reinforce its security and stability has been completed.