Addresses linked to the $625 million Ronin Bridge exploit show more than $10 million worth of Ether was in motion in the Asian morning hours Wednesday, blockchain data shows.
One address was funded this morning by the Ronin exploiter with 5,505 ether, with the funds coming from another wallet funded directly by the exploiter's main address, blockchain data shows.
Starting in the early hours of Wednesday morning, the address sent Ether in batches of 100 to Tornado, an on-chain data exchange. The data shows that over 55 transactions were made.
The wallet contains only 3.4 Ether - worth over $7,000 - at the time of writing, indicating that the majority of the funds were transferred and sold to Tornado.
Tornado improves transaction privacy by breaking the on-chain connection between a source and destination address. This allows exploiters and hackers to disguise their addresses while withdrawing ill-gotten funds.
Wednesday's events follow the aggressive sale of stolen Ether in early April, when exploiters transferred up to 21,000 Ether to Tornado over multiple transactions. The stash was worth more than $65 million at the time.
The Ronin network was hit by a $625 million exploit in March that affected Ronin validation nodes for Sky Mavis, the publisher of the popular game Axie Infinity, and the Axie DAO. The attacker "used hacked private keys to forge fake withdrawals," Ronin said in a blog post at the time explaining the vulnerability.
U.S. officials have previously linked the attacker's address to North Korea's notorious "Lazarus" group. CoinDesk has independently confirmed that the sanctioned addresses are linked to the Ronin exploiters, as reported.