US Claims North Korean Hackers Behind $625 Million Ronin Breach

North Korean hacking group Lazarus has been blamed for last month’s US$625 million exploit of Ronin Network, an Ethereum sidechain used by play-to-earn crypto game Axie Infinity.

The link was made public on April 15 when US Treasury announced it had added a new Ethereum wallet to its list of sanctions for the Lazarus Group. It’s the same wallet address that Axie Infinity creator Sky Mavis named as the Ronin attacker in late March, as confirmed by Etherscan.

18% of Stolen Funds Already Laundered

Blockchain analytics firms Chainalysis and Elliptic have corroborated that the wallet address is the same used in the Ronin exploit. Elliptic also confirmed that 18 percent of the stolen funds had already been laundered before the Easter weekend. The wallet still holds 147,753 ETH, worth about US$430 million at the time of writing.

“Identification of the wallet will make clear to other VC actors that by transacting with it, they risk exposure to US sanctions,” said a Treasury spokesperson, who added:

There may be mandatory secondary sanctions on persons who knowingly, directly or indirectly, engage in money laundering, the counterfeiting of goods or currency, bulk cash smuggling, or narcotics trafficking that supports the Government of North Korea or any senior official or person acting for or on behalf of that government.

US Treasury spokesperson

‘Critical Chokepoints’ in the War on Hackers

The spokesperson said that anti-money laundering and countering the financing of terrorists were “critical chokepoints” in the war on hackers, and called on the crypto industry to implement these types of safeguards.

According to a Ronin blog post, “We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk.” Redeployment was expected before the end of this month and a full post-mortem would follow at a later date.

Since the attack, Sky Mavis announced a US$150 million funding round led by Binance to help reimburse affected users. Sky Mavis ultimately hopes to recover the stolen funds over the next two years.