Lazarus, a North Korean hacking group, is allegedly behind the $622 million hack of Ronin, an Ethereum sidechain used by the popular NFT (non-fungible token) game Axie Infinity.
Lazarus Group Behind Largest Theft in DeFi History
In late March, Sky Mavis, the studio behind Axie Infinity, saw hundreds of millions of dollars drained from its Ronin bridge contract after the attackers breached the security of the Ethereum sidechain.
Today, the US Treasury Department added a new ETH address to its Specially Designated Nationals (SDN) sanctions listing for the Lazarus Group. The FBI linked this address to the Ronin bridge exploit in late March: the address received 173,600 ETH and 25.5 million USDC during the exploit. It is the same address that Sky Mavis's founder flagged as the attacker's shortly after the attack.
The studio acknowledged the connection in a recent update to its original community alert post and said it is working on additional security layers to protect its users.
We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by end of month.
Elliptic and Chainalysis, two major blockchain analytics firms, have confirmed that the address belongs to the North Korean group. Both firms have been monitoring the stolen funds since the attack took place.
THREAD: Updates to OFAC's SDN designation for Lazarus Group confirm that the North Korean cybercriminal group was behind the March hack of Ronin Bridge, in which over $600 million worth of ETH and USDC was stolen.
– Chainalysis (@chainalysis) April 14, 2022
According to data from Elliptic, Lazarus has so far laundered 18% of the stolen funds through decentralized exchanges (DEXs), first by swapping the stolen USDC for ETH.
The hackers also moved $16.7 million worth of ETH through three centralized exchanges. Because those exchanges enforce AML and KYC procedures, they can work with law enforcement to identify the account holders behind the deposits. Lazarus then switched to Tornado Cash (TORN), a privacy-focused protocol that mixes transactions to make them difficult to trace.
Sky Mavis has said it will continue to work with security firms and law enforcement agencies, and hopes to recover the stolen funds within the next two years. In a previous update, the studio announced it would reimburse all affected users by combining Sky Mavis and Axie Infinity balance sheet funds with a $150 million funding round led by Binance, with participation from several crypto investment firms.
Withdrawals of Wrapped Ether (wETH) and the wETH-to-ETH conversion function remain closed, the studio said, but withdrawals of Axie Infinity Shards (AXS) and Smooth Love Potion (SLP) have resumed.