US Treasury: North Korean hackers are linked to the Ronin Bridge exploit

After one of the biggest hacks in decentralized finance (DeFi) history, the U.S. Treasury connected the theft to the North Korean hacker group Lazarus Group. The U.S. government added the related Ethereum (ETH) address to the sanctions list.

Ronin Network, a sidechain for the Play-to-Earn (P2E) blockchain game Axie Infinity, was exploited in late March with the hackers getting away with more than $620 million in ETH and USD Coin (USDC). 

As reported by Bloomberg, the U.S. Treasury links the theft to the North Korean hacker group, with the government adding the Ethereum address (0x098B716B8Aaf21512996dC57EB0615e2383E2f96) to its sanctions list. 

How much was stolen

According to Sky Mavis, creator of Axie Infinity, 173,600 ETH and 25.5 million USDC were stolen. Currently, the address still has more than 116,000 ETH, worth over $350 million at the time of writing. 

Sky Mavis later raised $150 million with Binance leading the funding round with other venture capital firms, including Animoca Brands, a16z, Dialectic, and Paradigm. The funds were used to repay a portion of the losses, according to the game’s creator.

After this massive loss, Sky Mavis has been taking more accurate safety measures, such as making several audits and security upgrades to the validators.

North Korea is going rogue

This is not the first time North Korea is linked to illegal global activities. On April 15, the web 3.0 and security expert Arthur reported that a subsidiary of the Lazarus Group called BlueNorOff has been trying to attack digital asset exchanges.

“Once the current attack method gets less effective, such as a trojanized DeFi App and Wallet attack discovered lately. Given the success, it is likely North Korea will dedicate more resources to this group to scale up the intensity of the attack,” he added.

Initially wrote the content below only for our portcos and partners but after some thoughts I think there are benefit to open-sourcing this.

— Arthur (@Arthur_0x) April 15, 2022

This is not the end of the reports alleging cybercrime activities from the hermit country. In addition, a United Nations (UN) report, as seen by Reuters, states that North Korea has been stealing virtual currencies for a while now and has been using the stolen funds to support its nuclear and missile programs. As per the report, at least three exchanges from Asia, Europe, and North America were attacked in 2021.

Watch: CoinGeek New York panel, Investigating Criminal Activity on the Blockchain