The US Treasury has alleged that the North Korea-based Lazarus hacking group was behind the $625M hack of the Ronin network, which happened last month. The popular play-to-earn crypto game Axie Infinity is built on Ronin, an Ethereum sidechain. On Thursday, the Treasury Department gave a detailed account of how it connected the hacking group to the Ronin network attack.
The Treasury’s Analysis And Conclusion
The agency revealed that it had added another ETH wallet address to its list of those owned by the Lazarus group. Sky Morris (Axie Infinity co-founder) had earlier identified this wallet as one of the wallets the hackers used when they attacked the Ronin network. As reported by Coindesk, Etherscan data shows that the Ethereum wallet is labeled as a “Ronin bridge exploiter.”
The Ronin co-founder also updated its original report on the Ronin exploit to link it with the new information. In addition, the blockchain cybersecurity firms Chainalysis and Elliptic confirmed the US Treasury’s allegation that it was the same wallet address used in the Ronin exploit.
The FBI’s Label For The Hacking Group
The FBI believes that the Lazarus group’s hacking activities are state-sponsored, especially as the group has been in operation for more than a decade. The group became known for an attack in 2009, and its notable attacks since then include the 2014 breach of Sony Pictures, the 2017 ransomware attack known as WannaCry, several attacks on various pharma firms two years ago, and this 2022 Ronin network attack.
Part of Elliptic’s post states that “it isn’t surprising that the Lazarus group is alleged to be behind this attack. The manner of the attack is similar to other popular Lazarus-linked attacks such as the victim’s location and the way the money was laundered.”
Late last month, the Ronin network acknowledged that it had been hacked after the attackers illegally accessed the private keys of the Ronin-Ethereum mainnet bridge. Private keys are cryptographic secrets used to sign, and thereby confirm, crypto transactions. The hackers used the stolen keys to sign as five of the nine active validator nodes on the network, which let them steal funds from it.
Analyzing The Aftermath Of The Attack
After a detailed analysis of what was stolen, Ronin revealed that the hackers stole nearly $625M worth of digital assets. According to data from several crypto security firms, the theft is the second-largest in DeFi history, based on the value of the stolen crypto on the day the hack happened.
A couple of weeks after the attack, Ronin’s co-founder (Sky Mavis) revealed that the company raised $150M in its latest funding round, which Binance mainly financed. Mavis stated that the primary purpose of the funds was to reimburse users for the funds lost in the attack.
Furthermore, Sky Mavis revealed that the firm would enable withdrawals from the platform to ensure that users can access their funds. The company can then focus on recovering the stolen funds within the next two years. Elliptic’s update on the hack states that 19% of the stolen funds have been transferred to several crypto exchanges.