Report on the Ronin Network Exploit and AML Analysis of Stolen Funds
2022-08-20 • SlowMist
SlowMist analyzed the Ronin Network exploit and the laundering of stolen funds from the March 2022 Axie Infinity sidechain breach. The attacker stole 173,600 ETH and 25.5 million USDC, worth about $610 million, by using compromised private keys to authorize two withdrawals from the Ronin bridge. SlowMist describes how an Axie DAO whitelist that was never reclaimed, together with gas-free RPC access, let the attacker obtain signatures from five validators: four Sky Mavis validators and one Axie DAO validator. The source states that US investigators attributed the incident to Lazarus Group. The AML analysis tracks the hacker address 0x098B716B8Aaf21512996dC57EB0615e2383E2f96, the conversion of USDC into ETH, the transfer of 175,100 ETH through Tornado Cash, subsequent swaps through 1inch and Uniswap into renBTC, bridging to Bitcoin, and possible ChipMixer withdrawals totaling 2,871.03 BTC.