The US Treasury Department claims the North Korean hacker group Lazarus is responsible for the $625 million hack of the Axie Infinity Ronin Bridge.
The agency added an Ethereum (ETH) address containing part of the stolen cryptocurrency to its sanctions list. On April 14, the wallet contained around 148,000 ETH.
THREAD: Updates to OFAC’s SDN designation for the Lazarus Group confirm that the North Korean cybercriminal group was behind the Ronin Bridge hack in March that stole over $600 million worth of ETH and USDC.
— Chainalysis (@chainalysis) April 14, 2022
Crypto analysis company Chainalysis confirmed that the wallet received a substantial portion of the stolen funds, while Elliptic recently found that around 14% of the stolen funds had been laundered.
Who is the Lazarus Group?
The Lazarus Group is a North Korean state-backed cybercrime unit that has been involved in several high-profile crypto heists in recent years.
Lazarus first came into the limelight in 2018 for stealing over $200 million in crypto from Gate.io and has continued to gain notoriety.
In 2020, the group was also involved in stealing around $300 million worth of digital assets from KuCoin, a Singapore-based crypto exchange.
Lazarus has started “using high-level techniques to steal and launder crypto that has benefited from various cybercrime attacks” and is suspected of being supported by the DPRK government. A recent report revealed that parts of the Lazarus group used hacks to fund North Korea's missile programs.
What is Ronin Network doing about the hack?
Ronin Network said in a blog post that it is adding more security measures to the Ronin Bridge to reduce the risk of a future incident and expects to have the bridge back in service by the end of the month.
The Ronin Network is an Ethereum sidechain hosting the Axie Infinity play-to-earn game. The game’s developer, Sky Mavis, uses it because it offers a better scalability option, which is a requirement for a platform like Axie Infinity.
Meanwhile, Axie Infinity raised $150 million from its investors to reimburse affected users. While the Ronin Bridge is yet to be restored, users can now withdraw via Binance.
CryptoSlate recently reported that the platform had already lost a significant number of its users before the hack.
What the US sanction means for the wallet
With the US blacklisting the wallet containing a significant portion of the funds, the group would have a much harder time turning the stolen funds into fiat.
The hacker has to use a centralized exchange to convert the stolen funds, as doing so requires significant liquidity.
A Treasury Department spokesman said:
Identifying the wallet will make it clear to other VC players that by transacting with it they risk exposure to US sanctions. This demonstrates the Treasury Department’s commitment to using all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds.
Therefore, it is now impossible to transfer the funds in the wallet to a centralized exchange without being flagged.