An investigation conducted by the US Department of the Treasury has revealed that the infamous North Korean hacker group ‘Lazarus’ was behind the attack on Axie Infinity’s Ronin Bridge. The hack resulted in the network losing more than 173,600 Ether (ETH), or $600 million, and 25.5 million USDC.
THREAD: Updates to OFAC’s SDN designation for Lazarus Group confirm that the North Korean cybercriminal group was behind the March hack of Ronin Bridge, in which over $600 million worth of ETH and USDC was stolen.
— Chainalysis (@chainalysis) April 14, 2022
The department’s Office of Foreign Assets Control (OFAC) added an Ethereum wallet address allegedly linked to Lazarus to its sanctions list on April 14. The wallet listing was confirmed by Axie Infinity’s creator Sky Mavis and blockchain analytics firm Chainalysis, which identified the address as being involved in the Ronin Bridge attack.
At the time of writing, the wallet address contained over 144,837.7 Ether, valued at $439.4 million, per Etherscan’s data. Since the attack, the hackers have been moving funds to several other wallets and exchanges and have been successful in laundering at least 18% of the stolen funds, blockchain security firm Elliptic confirmed Thursday.
On March 29, Sky Mavis confirmed that Ronin bridge, the Ethereum sidechain developed for the P2E game Axie Infinity, suffered a major exploit on March 23. The hackers gained access to five of the Ronin network’s nine validator nodes by stealing their signatures in order to withdraw funds without being noticed.
As of today, the gaming platform has yet to reopen the Ronin Bridge. In an updated Substack blog post, Sky Mavis explained:
“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by end of the month. Security comes first. The timeline is subject to change based on the implementation time of several security measures.”
According to a Chainalysis report, North Korean cyber criminals are responsible for illegally extorting at least $400 million from cryptocurrency platforms in 2021. In addition, a Reuters report released in February, citing a confidential United Nations report, claimed that North Korea has been funding its nuclear and missile programs through stolen cryptocurrencies.