US Govt Links North Korea to Axie Infinity Hack

Lazarus is one of the most prolific hacker organisations linked to North Korea, having targeted crypto entities since 2017

Shashank Bhardwaj
Published: Apr 19, 2022 02:02:22 PM IST

On April 14, US law enforcement issued fresh sanctions against an Ethereum wallet belonging to the Lazarus Group, an online crime ring linked to the North Korean government and suspected to be behind the $540 million hack of the online game Axie Infinity last month.

Although the wallet address associated with the attack has been known since the day of the attack, the Treasury Department's Office of Foreign Assets Control (OFAC) tied it to Lazarus only on Thursday, April 14, adding it to OFAC's Specially Designated Nationals List and sanctioning the funds.

Elliptic and Chainalysis, leading blockchain analysis firms, have verified that the wallet address listed by the US Treasury is the same as the one used in the Ronin hack.

Chainalysis tweeted that the updates to OFAC’s SDN designation for Lazarus Group confirm that the North Korean cybercriminal group was behind the March hack of Ronin Bridge, in which over $600 million worth of ETH and USDC was stolen. According to Elliptic's internal analysis, the attacker has been able to launder 18 percent of their stolen assets as of April 14.

According to the DeFiYield REKT database, the hack, which fetched the attackers 173,600 ether (about $597 million) and $25.5 million worth of the stablecoin USDC, is the largest DeFi hack to date. 

Lazarus Group has allegedly stolen almost $2 billion in cryptocurrency from crypto companies since at least 2017. "Until 2021, the majority of this activity was directed towards centralised exchanges located in South Korea or elsewhere in Asia. However, within the past year, the group’s attention has turned to DeFi services," reports Elliptic.

Axie Infinity's owner, Sky Mavis, has promised a $150 million funding round headed by Binance to compensate customers affected by the incident. All stolen funds are expected to be recovered within the next two years. Sky Mavis is also currently implementing rigorous internal security measures to prevent future attacks, and the Ronin Network bridge is scheduled to resume operation after a security upgrade and a series of audits.

Acknowledging the Treasury Department listing, the company said, "We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by the end of the month. We would like to extend a thank you to all law enforcement agencies who have supported us in this ongoing investigation."

The writer is a founder at yMedia. He ventured into crypto in 2013 and is an ETH maximalist. Twitter: @bhardwajshash