The recent theft of $625 million in bitcoin from the Ronin Network, an Ethereum-based sidechain created for the popular play-to-earn game Axie Infinity, has been connected by US officials to the North Korean state-backed hacker outfit Lazarus.
On Thursday, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued fresh sanctions against Lazarus’ Ethereum wallet.
Elliptic and Chainalysis, both blockchain research organizations, have established that the wallet address sanctioned by the US Treasury is the same as the one used in the Ronin breach, in which the attackers stole 173,600 ether, or nearly $597 million, and $25.5 million in the stablecoin USDC. According to the DeFiYield REKT database, which documents DeFi scams, hacks, and exploits, the robbery, which totaled $625 million at the time, was the largest decentralized finance hack to date.
The wallet was uncovered by the FBI as part of its continuing investigation into the danger presented by North Korea and state-sponsored entities like Lazarus Group. It housed 148,000 ether as of Thursday. Elliptic, a blockchain research business, calculated that 14% of the stolen cash had already been laundered, with another $9.7 million in intermediate wallets waiting to be laundered.
Individuals and companies from the United States are prohibited from transacting with the specified Ethereum account as a result of the newly announced sanctions. This prevents the state-sponsored outfit — which has already been linked to a 2014 Sony Pictures breach and the 2017 WannaCry ransomware attacks — from cashing out any remaining monies through U.S.-based crypto exchanges.
“Many commentators believe that crypto assets stolen by Lazarus Group are used to fund the state’s nuclear and ballistic missile programs,” Elliptic said. “With recent reports that North Korea may be again preparing for nuclear testing, today’s sanctions activity highlights the importance of ensuring that Lazarus Group is not able to successfully launder the proceeds of these attacks.”
The Ronin Network, which is owned by development firm Sky Mavis, stated in an updated article on the event that it aims to release a complete post-mortem of the crypto-heist by the end of the month.
“We’re still installing extra security measures before redeploying the Ronin Bridge to avoid future danger,” Ronin said, adding that the bridge will be operational “before the end of the month.” Since the hack, the bridge that lets users move funds between other blockchains and Axie Infinity has been shut off.
North Korean hackers staged at least seven assaults against cryptocurrency platforms last year, according to a recent report by blockchain analysis firm Chainalysis, stealing about $400 million in digital assets. The Lazarus Group is accused of carrying out the assaults, according to the report.