The Lazarus Group found a new home in ChipMixer after using the protocol to launder 3,460 BTC stolen from the Ronin bridge.
An on-chain investigation by SlowMists reveals that the privacy protocol ChipMixer was used by Ronin bridge hackers (the Lazarus Group) to launder 3,460 BTC ( $73.2 million as per press time).
In a mid-year report by blockchain security firm, SlowMist, an on-chain investigation of the Ronin hack was conducted, and mixing protocol ChipMixer was indicted as a destination for hackers on the Bitcoin network.
According to the report, Axie Infinity’s Ronin bridge lost assets worth $610 million to hackers on March 29. Most of the funds were, however, laundered on the Ethereum and Bitcoin networks.
Tornado Cash received 74.7% (300,160 ETH) of the funds laundered on the Ethereum blockchain, while the hacker’s address still has possession of 95,570 ETH.
A total of 6,531.04 BTC were transferred to the Bitcoin network. ChipMixer facilitated the laundering of 3,460 BTC (49.1% of funds), while 36.6% are still held in the hacker’s address.
The hackers withdrew a total of 2,671 BTC from the ChipMixer protocol and sent the funds through Blender, Wasabi Coinjoin, and a small portion to the Binance exchange.
Lazarus Group prefers laundering on the Bitcoin network
The investigation also noted that top-tier hackers like the Lazarous Group prefer to launder funds via the Bitcoin network. The rationale behind this is that Bitcoin provides more anonymity and flexibility than Ethereum for them to execute their criminal activities. The Lazarus Group has laundered more funds on Bitcoin that on any other network.
Could ChipMixer be next on the sanctions list?
ChipMixer facilitated the laundering of 48.9% of funds on the Bitcoin network, while Tornado Cash facilitated 74.6% on the Ethereum network.
SlowMist noted that in 2022 alone, 26,021 BTC was sent to ChipMixer while 14,370 BTC was withdrawn from the mixing protocol. The peak of its involvement in financial crimes was in March during the Ronin bridge hack.
With regulators targeting mixing protocols, ChipMixer may be under watch too. Earlier in May, mixing protocol Blender was sanctioned by the US Treasury for its involvement in the Ronin hack. More recently, Tornado Cash had to shut down operations following the US Treasury sanction and arrest of its developer Alexey Pertsev.