See More

Sanctioned Mixers Used to Launder Axie Infinity Funds, Reveals SlowMist Researcher

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • A Slowmist researcher reveals that Tornado Cash and Blender were used to obfuscate proceeds from Axie Infinity hack.
  • The attackers siphoned 6429 ETH funds through Tornado Cash and Blender, and then used two DEXes and Tornado Cash to anonymously move more 113,000 ETH.
  • Both Blender and Tornado Cash have been sanctioned by the U.S. Treasury Department.
  • promo

Following the $620 million attack on Axie Infinity’s Ronin sidechain, one researcher has traced fund flows to sanctioned crypto mixers.

The attackers used hacked private keys to make ETH and USDC withdrawals from the Ronin sidechain, a so-called crypto bridge designed to help Axie Infinity players move tokens between blockchains.

During the attack on March 23, 2022, hackers pilfered 173,600 ETH and 25.5 million USDC from Axie Infinity, a play-to-earn game, sending the stolen funds to a 42-character address on the Ethereum blockchain.

Due to the publicly visible nature of the blockchain, huge sums are challenging to move anonymously. Additionally, mixers’ optimal functioning depends on holding enough liquidity to exchange illegal funds for cleaner money.

According to Immunefi, a bug-bounty platform, mixers could take years to funnel a nine-figure amount. Hence the group resorted to incremental transactions.

How the funds moved

Hackers first passed 6,429 ETH through Tornado Cash before sending the funds to Huobi. At Huobi, the funds were converted into bitcoin. Over 5,000 ETH went to exchange FTX.

According to the Slowmist researcher, 439 bitcoin from Huobi were then passed through Blender, a bitcoin mixing tool sanctioned by the U.S. government. The hacker deposited the funds to addresses prohibited explicitly by U.S. sanctions. They then went on to convert 113,000 ETH funneled through Tornado Cash to renBTC, a form of bitcoin living on the Ethereum blockchain, by using two decentralized exchanges. The renBTC was transferred to the bitcoin blockchain, which converted it into BTC.

US Treasury tries to pin down mixing services

Mixers obfuscate the link between the origin and destination of cryptocurrencies by pooling user funds, making them an attractive tool for criminals to siphon illicit funds.

On Friday, May 6, 2022, the U.S. Treasury Department sanctioned, a bitcoin mixing service believed to be an instrument used by North Korean hackers, The Lazarus Group, to launder funds for cybercrime. At the time, the Treasury Department said that the mixer processed over $500 million in bitcoin transactions and was used in the Axie Infinity hack.

On Aug.8, 2022, the department also sanctioned Tornado Cash, citing the mixer’s indifference to implementing adequate controls to curb illicit activity. The sanctions prevent all U.S. companies and individuals from interacting with the mixer.

While the Treasury Department claimed that Tornado Cash laundered over $7 billion since 2019, the co-founder of Elliptic, a blockchain analytics firm, thinks the government department is conflating illicit fund flows with legitimate ones and could only find $1.5 billion in criminal proceeds.

For Be[In]Crypto’s latest Bitcoin (BTC) analysis, click here.

Top crypto projects in the US | July 2024
Harambe AI Harambe AI Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | July 2024
Harambe AI Harambe AI Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | July 2024



In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C,...