
$625M Crypto Theft, Lazarus to Blame?


U.S. officials have linked hacking group Lazarus to the recent largest decentralized finance hack: theft of $625 million in cryptocurrency from the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity.

The popular play-to-earn title’s Ethereum-linked Ronin sidechain was exploited for 173,600 ether, or about $597 million, and $25.5 million worth of the stablecoin USDC. The heist, which totaled $625 million at the time, is the largest decentralized finance hack to date, according to the DeFiYield REKT database, which tracks DeFi scams, hacks and exploits. Bizarrely, the exploit occurred on March 23, but was not discovered until March 29! Ronin developers (Vietnamese gaming studio Sky Mavis) shared in a post: “We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.” The hack occurred across two transactions, one for the ether and the other for the USDC, according to Etherscan on-chain data. Both deposits were drained from the bridge contract. The attacker used hacked private keys to forge fake withdrawals.
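The six-day gap between the drain and its discovery is the operational lesson in the paragraph above: the bridge released most of its holdings in two transactions and nobody noticed until a user's withdrawal failed. The following is an added example (not code from the original post, from Sky Mavis or from the Ronin project) of the kind of amount-based monitor that would have raised an alert on that day. All values are constructed: the starting bridge balances, the per-asset alert thresholds, the transaction identifiers and recipients are hypothetical, and the two large withdrawals simply reuse the amounts reported in the article as sample input.

```python
"""Amount-based anomaly detection for bridge withdrawals (constructed sample data)."""
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Withdrawal:
    tx_hash: str      # hypothetical identifier, not a real on-chain hash
    asset: str
    amount: Decimal
    recipient: str    # hypothetical address label


# Constructed bridge balances at the start of the monitoring window.
# The ETH figure is chosen so the sample drain leaves less than 5k ETH behind.
BRIDGE_BALANCE: Dict[str, Decimal] = {
    "ETH": Decimal("178000"),
    "USDC": Decimal("30000000"),
}

# Absolute per-asset alert thresholds (constructed policy values).
ABS_THRESHOLD: Dict[str, Decimal] = {
    "ETH": Decimal("2000"),
    "USDC": Decimal("5000000"),
}

# Constructed sample feed: routine withdrawals, two that mirror the amounts
# reported for the Ronin drain, and a later 5k ETH withdrawal that can no
# longer be covered by the bridge balance.
SAMPLE_WITHDRAWALS: List[Withdrawal] = [
    Withdrawal("tx-0001", "ETH", Decimal("12.5"), "0xuser-a"),
    Withdrawal("tx-0002", "USDC", Decimal("40000"), "0xuser-b"),
    Withdrawal("tx-0003", "ETH", Decimal("173600"), "0xunknown"),
    Withdrawal("tx-0004", "USDC", Decimal("25500000"), "0xunknown"),
    Withdrawal("tx-0005", "ETH", Decimal("5000"), "0xuser-c"),
]


def detect_anomalous_withdrawals(
    withdrawals: List[Withdrawal],
    balances: Dict[str, Decimal],
    abs_thresholds: Dict[str, Decimal],
    share_threshold: Decimal = Decimal("0.10"),
) -> List[Tuple[str, List[str]]]:
    """Replay withdrawals against a tracked balance and return (tx_hash, reasons).

    Three independent checks fire an alert:
      * the amount is at or above the asset's absolute threshold,
      * the amount is at least `share_threshold` of what the bridge still holds,
      * the amount exceeds the tracked balance (the bridge cannot honour it).
    """
    remaining = dict(balances)
    alerts: List[Tuple[str, List[str]]] = []
    for w in withdrawals:
        bal = remaining.get(w.asset, Decimal(0))
        reasons: List[str] = []
        if w.amount >= abs_thresholds.get(w.asset, Decimal("Infinity")):
            reasons.append("above_absolute_threshold")
        if bal > 0 and w.amount / bal >= share_threshold:
            reasons.append("large_share_of_balance")
        if w.amount > bal:
            reasons.append("exceeds_tracked_balance")
        if reasons:
            alerts.append((w.tx_hash, reasons))
        # Track the balance even for flagged withdrawals: the chain already
        # executed them, so later withdrawals must be judged against what is left.
        remaining[w.asset] = bal - w.amount
    return alerts


def alerted_tx_hashes(alerts: List[Tuple[str, List[str]]]) -> List[str]:
    """Convenience accessor used by the demo and the checks below."""
    return [tx for tx, _ in alerts]


if __name__ == "__main__":
    for tx, reasons in detect_anomalous_withdrawals(
        SAMPLE_WITHDRAWALS, BRIDGE_BALANCE, ABS_THRESHOLD
    ):
        print(f"ALERT {tx}: {', '.join(reasons)}")
```

The third check is what the failed 5k ETH withdrawal in the article corresponds to: once the tracked balance no longer covers a legitimate request, the monitor should page someone immediately rather than wait for a user report. In a real deployment the balance would be read from the bridge contract rather than replayed, and the thresholds would be tuned to the bridge's normal flow.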

The team stated it is working with “various government agencies to ensure the criminals get brought to justice.” The FBI said on April 14th: “Through our investigations we were able to confirm Lazarus Group and APT38, cyber actors associated with [North Korea], are responsible for the theft.” The same day, the US Treasury’s OFAC placed Lazarus on the SDN List (Specially Designated Nationals and Blocked Persons List) under the North Korea Sanctions Regulations. This means new sanctions against an Ethereum wallet belonging to the group. Blockchain analysis firms Elliptic and Chainalysis have both confirmed that the wallet address named by the U.S. Treasury is identical to the one the attackers used to receive the funds drained in the Ronin hack.

Lazarus Group (aka Guardians of Peace, Whois Team, HIDDEN COBRA and Zinc) is a cybercrime group made up of an unknown number of individuals allegedly run by the North Korean state. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Lazarus Group gained notoriety in 2014 after they were accused of hacking into Sony Pictures and publicly leaking confidential data.

Sky Mavis announced that it has raised $150 million in funding led by crypto exchange Binance to help reimburse users who lost funds during the attack. Animoca Brands, a16z, Dialectic, Paradigm and Accel also participated in raising funds.
