Today, the U.S. Treasury added an Ethereum wallet address to its sanctions list, tying it to North Korea’s Lazarus Group. It is the same address that was used in last month’s attack on Axie Infinity’s Ronin Network, which cost $622 million.
North Korean hacking group Lazarus is believed to be responsible for last month’s $622 million hack of Ronin Network, an Ethereum sidechain used by the play-to-earn crypto game Axie Infinity.
The connection was made public today by the United States Department of the Treasury, which announced that it had added an Ethereum wallet to its list of sanctions against the Lazarus Group. This is the same wallet address that Sky Mavis, creator of Axie Infinity, named as the Ronin attacker’s in March.
The first to report the news was. The label “Ronin Bridge Explorer” is visible in the Ethereum wallet explorer Etherscan.
Sky Mavis has since acknowledged this connection in an update to its original post on the Ronin exploit. Blockchain analytics firms Elliptic and Chainalysis have also confirmed that the wallet address listed today by the U.S. Treasury is the same as the one used in the Ronin exploit.
Lazarus was categorized by the FBI as a “state sponsored hacking organization,” and its first attacks date back to 2009. Lazarus is accused of being responsible for the WannaCry ransomware attack in 2017, the 2014 Sony Pictures breach, and several attacks on pharmaceutical companies in 2020.
Elliptic stated in a blog post that “it is not surprising that this attack was attributed to North Korea.” The attack mirrors the Lazarus Group’s previous high-profile attacks in many of its features, Elliptic wrote, including the location of the victim, the attack method, which is believed to involve social engineering, and the same laundering pattern after the event.
The Ronin Network exploit occurred on March 23, when the bridge linking Ronin and the Ethereum mainnet was attacked using hacked private keys, the cryptographic keys that sign transactions. The keys for five of the nine Ronin validator nodes were used to authorize the transfer of funds.
The attacker stole 173,600 WETH (or Wrapped Ethereum) and 25.5 million USDC stablecoin, which collectively were worth $622 million at the time the hack was disclosed. Based on the total value of the assets at the time, it is the second-largest DeFi hack.
In the following weeks, Sky Mavis announced a $150 million funding round by Binance to assist victims of the attack. Sky Mavis will tap its own balance to make sure users can withdraw their funds. However, it hopes to eventually recover the stolen funds within the next two years.
Elliptic reports that 18% of the stolen funds have been sent to crypto exchanges and through Tornado Cash, a smart contract-powered service that mixes transactions to make the funds difficult to trace. As of this writing, the wallet still contains 147,753 ETH, or approximately $444 million.