North Korea’s Lazarus Group Behind Axie Infinity’s Ronin Hack, Say US Treasury, FBI

Tim Alper

The United States Treasury Department has sanctioned an ethereum (ETH) address that it says received coins stolen in the Ronin Bridge hack – and the FBI has claimed that the North Korean Lazarus group of hackers was behind the security breach.

The address in question currently contains almost USD 446m worth of ETH and has been particularly busy in the past few days. The sanctions announcement claimed that Lazarus was based in the Potonggang District of the North Korean capital, Pyongyang, a claim also voiced in the past by the FBI.

The validator is used to connect the play-to-earn gaming title Axie Infinity’s Ronin bridge, which allows users to send cryptoassets between the Ethereum network and Axie’s Ronin sidechain – and was exploited for some USD 600m in late March. The hack is one of the largest ever in the decentralized finance (DeFi) space.

In an April 14 update to the Ronin newsletter on the hack – originally published just after last month’s hack – the Ronin Network wrote that it was “still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” adding that users could “expect the bridge to be deployed by end of [the] month.”

It also promised a “full post mortem that will detail security measures put in place and next steps” – also “by the end of the month.”

The blockchain analytics firm Chainalysis backed the claim on Twitter, stating that the address had received ETH 173,600 (currently worth around USD 525m), as well as USD 25.5m worth of the stablecoin USD coin (USDC) “from the Ronin Bridge smart contract during the attack.”

The company added that the crypto industry needed greater “understanding of how [North Korea]-affiliated threat actors exploit crypto,” as well as “better security for DeFi protocols.”

In an updated post on the hack, Elliptic, another major blockchain analytics firm, stated that its own “internal analysis” had found that the “attacker has managed to launder 18% of their stolen funds as of April 14.”

The company explained:

“First, the stolen USDC was swapped for ETH through decentralized exchanges (DEXes) to prevent it from being seized. Tokens such as stablecoins are controlled by their issuers, who in some cases can freeze tokens involved in illicit activity.”

Using DEXes allowed the hacker to sidestep anti-money laundering (AML) and know your customer (KYC) checks. The hacker then “began laundering USD 16.7m worth of ETH through three centralized exchanges,” Elliptic wrote, adding:

“This strategy is uncommon for typical DeFi exploits given these exchanges’ AML obligations, though it has been observed more often in past Lazarus group-affiliated exploits.”

North Korea has repeatedly denied that it seeks to hack crypto and has rejected accusations surrounding the Lazarus group, which has previously been accused of masterminding the 2014 hack of Sony Pictures and the 2017 WannaCry ransomware attacks.

Pyongyang denies the existence of Lazarus, as well as alleged individual members of the group that have been named by the FBI, including Park Jin-hyok. It has also previously claimed that accusations of crypto theft were “the sort of fabrication that only the United States” was capable of “inventing” – calling the American government “kings” of hacking.