Almost a month ago, Ronin Network, the sidechain built to scale Axie Infinity, was exploited by hackers who made off with over $615 million worth of ETH.

The hackers appear to have redeemed 28,164 ETH from the 173,000 ETH stolen in the Ronin Bridge attack, with a current market value of $86,128,384.73.

The attackers initially moved over 2000 ETH ($6 million) 2 weeks ago and now the hackers are back on the move.

The image below, taken from Redditshows a list of outgoing transactions related to the wallets involved in the exploit.

Reddit user ThatGuy222666 has been tracking the main wallet since the Ronin Bridge was exploited. It looks like the attackers are using multiple wallets to deposit the ETH Tornado Casha crypto mixer that allows users to obfuscate their digital trail on the Ethereum blockchain.

According to the image below, it takes the hackers 4-6 hours to empty each new wallet of 100 ETH.

There are outliers like this wallet where the attacker sent 10,000 ETH over a day ago.

Whoever the exploiter is, the amount of ETH transferred is constantly increasing.

“The most confusing part of the whole situation for me is that 327 different wallets actually sent small amounts of ETH to this person hoping he would share the wealth,” said the Reddit user.

Reddit user ThatGuy222666 went on to say, “I’ve never been so intrigued by a random person on the internet. This whole situation blows my mind.”

The Reddit user concluded by saying:

“I plan to keep following where all this ETH is going just out of curiosity, the absolute scale of this exploit is too much for my little brain to comprehend.”

The Reddit poster believes the attack was carried out by a single person who may have been moving the funds slowly to avoid detection.

According to the Reddit post, the address was “on a US watch list prior to the exploit” and was “connected to North Korea.” However, the savvy user still believes that the attack was carried out by 1-2 users.