The U.S. Treasury Department has claimed that the North Korean hacker group Lazarus is responsible for the $625 million hack of the Axie Infinity Ronin bridge.
The agency added an Ethereum (ETH) address containing some of the stolen cryptocurrency to its sanctions list. As of April 14, the wallet held around 148,000 ETH.
THREAD: Updates to OFAC’s SDN designation for Lazarus Group confirm that the North Korean cybercriminal group was behind the March hack of Ronin Bridge, in which over $600 million worth of ETH and USDC was stolen.
— Chainalysis (@chainalysis) April 14, 2022
Crypto analytics firm Chainalysis confirmed that the wallet received a substantial part of the stolen funds, while Elliptic recently revealed that around 14% of the amount has been laundered.
Who is the Lazarus Group?
The Lazarus group is a North Korean state-backed cybercrime unit that has been involved in several high-profile crypto heists in recent years.
Lazarus first came into the limelight in 2018 for stealing over $200 million in crypto from Gate.io and has continued to gain notoriety.
In 2020, the group was also involved in the theft of around $300 million worth of digital assets from KuCoin, a Singapore-based crypto exchange.
Lazarus has begun to “deploy high-level techniques to steal and launder crypto profited from various cybercrime attacks” and is suspected to be backed by the DPRK government. A recent report revealed that parts of the Lazarus group have been using hacks to finance North Korea’s missile programs.
What is Ronin Network doing about the hack?
Ronin Network said in a blog post that it is adding more security measures to the Ronin bridge to reduce the risk of a future occurrence and expects to redeploy the bridge by the end of the month.
Ronin Network is an Ethereum sidechain that hosts the Axie Infinity play-to-earn game. Sky Mavis, the game's developer, uses it because it offers better scalability, which a platform like Axie Infinity requires.
Meanwhile, Axie Infinity raised $150 million from its investors to refund affected users. While the Ronin bridge isn’t back up yet, users can now withdraw via Binance.
CryptoSlate recently reported that the platform lost a considerable number of its users even before the hack.
What the US sanction means for the wallet
With the U.S. blacklisting the wallet that holds a substantial part of the funds, the group would have a much more difficult time converting the stolen funds into fiat.
The hacker has to go through a centralized exchange to convert the stolen funds into fiat, because cashing out an amount this large requires significant liquidity.
A spokesperson for the Treasury said:
Identification of the wallet will make clear to other VC actors that by transacting with it, they risk exposure to U.S. sanctions. This demonstrates Treasury’s commitment to using all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds.
Thus, it will now be impossible to transfer the funds in the wallet to a centralized exchange without getting flagged.
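To illustrate the flagging described above, here is an added example of the kind of sanctions-exposure check an exchange's compliance layer would run on an incoming deposit. It is written for this article, not code from Treasury, Chainalysis or Ronin; the sanctioned address and the transfers are constructed placeholders, since the article does not print the designated address.

```python
from collections import defaultdict, deque

# Constructed placeholder: the article does not print the designated address.
SANCTIONED = {"0xSANCTIONED-PLACEHOLDER"}

# Constructed sample transfers (sender, recipient, amount in ETH); not real chain data.
TRANSFERS = [
    ("0xSANCTIONED-PLACEHOLDER", "0xHOP1", 1000.0),
    ("0xHOP1", "0xHOP2", 500.0),
    ("0xHOP2", "0xEXCHANGE-DEPOSIT", 200.0),
    ("0xCLEAN", "0xEXCHANGE-DEPOSIT", 50.0),
]

def upstream_graph(transfers):
    """Map each recipient (lower-cased) to the set of addresses that paid it."""
    senders = defaultdict(set)
    for src, dst, _amount in transfers:
        senders[dst.lower()].add(src.lower())
    return senders

def sanctions_distance(address, transfers, max_hops=3):
    """Breadth-first search backwards (recipient -> sender) through the transfers.
    Returns hops to the nearest sanctioned address (0 if `address` itself is
    designated), or None if none lies within `max_hops`."""
    blocked = {a.lower() for a in SANCTIONED}
    graph = upstream_graph(transfers)
    start = address.lower()
    queue, seen = deque([(start, 0)]), {start}
    while queue:
        node, hops = queue.popleft()
        if node in blocked:
            return hops
        if hops == max_hops:
            continue  # do not expand beyond the review horizon
        for src in graph.get(node, ()):
            if src not in seen:
                seen.add(src)
                queue.append((src, hops + 1))
    return None

def screen_deposit(sender, transfers, max_hops=3):
    """Decision a compliance layer would apply to a deposit from `sender`."""
    hops = sanctions_distance(sender, transfers, max_hops)
    if hops is None:
        return {"decision": "allow", "hops": None}
    if hops == 0:
        return {"decision": "block", "hops": 0}  # direct hit on the SDN list
    return {"decision": "hold_for_review", "hops": hops}  # indirect exposure
```

The hop horizon is what turns a single listed address into exposure for any counterparty that takes funds a few transfers downstream of it.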