US officials link North Korean hackers Lazarus to $625M Axie Infinity crypto heist – TechCrunch
US officials have linked North Korean state-backed hacking group Lazarus to the recent theft of $625 million in cryptocurrency from the Ronin Network, an Ethereum-based sidechain designed for the popular game Axie Infinity.
The Treasury Department’s Office of Foreign Assets Control (OFAC) on Thursday announced new sanctions against an Ethereum wallet owned by Lazarus. Blockchain analytics firms Elliptic and Chainalysis have both confirmed that the US Treasury wallet address is the same as the one used in the Ronin hack, which saw attackers mine the network for 173,600 ether, or around $597 million, and $25.5 million from the USDC stablecoin. The heist, which totaled $625 million at the time, is the largest decentralized finance hack to date, according to DeFiYield database REKT, which tracks DeFi scams, hacks and exploits.
The wallet itself – which contained 148,000 ether on Thursday – was discovered by the FBI as part of its ongoing investigation into the threat posed by North Korea and state-sponsored actors like the Lazarus Group. Blockchain analytics firm Elliptic estimated that 14% of stolen funds have already been laundered, while another $9.7 million are in intermediate wallets in preparation for laundering.
The recently announced sanctions prohibit US persons and entities from transacting with the identified Ethereum account. This ensures that the state-sponsored group – which has already been linked to a 2014 hack on Sony Pictures and the 2017 WannaCry ransomware attacks – cannot cash out via US-based crypto exchanges the additional funds it receives. they continue to hold.
“Many commentators believe that the crypto assets stolen by the Lazarus Group are being used to fund the state’s nuclear and ballistic missile programs,” Elliptic said. “With recent reports that North Korea may again be preparing for nuclear testing, today’s sanctions activity underscores the importance of ensuring that the Lazarus Group is not able to successfully to launder the proceeds of these attacks.”
In an updated post on the incident, the Ronin Network, which is owned by developer group Sky Mavis, said it plans to deliver a full post-mortem of the crypto heist by the end of the month.
“We are still adding additional security measures before redeploying the Ronin Bridge to mitigate future risks,” Ronin says, adding that this will bring his bridge back online “by the end of the month.” The bridge allows users to transfer funds between other blockchains and Axie Infinity and has been blocked since the attack.
According to a recent report by blockchain analytics firm Chainalysis, North Korean hackers launched at least seven attacks on cryptocurrency platforms last year to steal nearly $400 million from digital assets. According to the report, the Lazarus group is suspected of carrying out the attacks.