US Treasury Connected North Korean Hackers To The Ronin Chain Hack

The US Treasury connected North Korean hackers to the recent Ronin chain hack and added the hackers to its sanctions list as well so let’s read more in today’s latest cryptocurrency news.

The US Treasury connected the ETH Wallet address to a sanctioned list and tied it to North Korea’s Lazarus Group hackers. This is the same address that was related to the recent $622 million attacks on the Ronin network of Axie Infinity. The hacking group is responsible for last month’s hack of the Ronin sidechain which is used by the play-to-earn game Axie Infinity. The connection was revealed today when the US Department of Treasury announced that it added the ETH wallet address to the list of sanctions for the Lazarus Group and it is the same wallet address that Sky Mavis named as the Ronin attacker back in March.

Sky Mavis since acknowledged the connection in an update to the original post about the Ronin exploit and Chainalysis and Elliptic also affirmed that the wallet address listed by the Treasury is the same one used in the Ronin exploit. The FBI labeled Lazarus as a “state-sponsored hacking organization” with the earliest attacks dating back to 2009. Lazarus is responsible for the 2017 WannaCry ransomware attack as well as the breach 2014 of Sony Pictures. Elliptic wrote in its reports:

“It is somewhat unsurprising that this attack has been attributed to North Korea. Many features of the attack mirrored the method used by Lazarus Group in previous high-profile attacks, including the location of the victim, the attack method (believed to have involved social engineering) and the laundering pattern utilized by the group after the event.”

The Ronin Network exploits happened on March 23 when the bridge connecting Ronin to the ETH mainnet was attacked by using hacked private keys that are cryptographic keys used to sign transactions and these keys were used to approve the transfer of funds from five to nine active validator nodes on the Ronin sidechain. The attackers stole 173,600 WETH and 25.5 million USDC stablecoin that were worth about $622 million when the hack was discovered and disclosed in March. This is the second biggest DEFI hack to date based on the value of the assets when the attack happened.

In the weeks since Sky Mavis announced a $150 million funding round by Binance to help reimburse users that are affected by the attack and Sky Mavis will tap the balance sheet to ensure that the users can withdraw their funds but aims to recover the stolen funds in the next two years.