Filed under:
US blames North Korean hacker group for $625 million Axie Infinity theft
The US Department of Treasury says Lazarus is behind the attack
"The US Treasury Department blames North Korean hacking group Lazarus for stealing $625 million in cryptocurrency from the Ronin network, the blockchain backing the Axie Infinity play-to-earn crypto game, according to a report from Vice. On Thursday, the Department of Treasury updated sanctions to include the wallet address that received the funds and attributed it to the Lazarus group.
In an updated post about the incident, the Ronin network, which is owned by developer group Sky Mavis, explains the US Department of Treasury and FBI have pinned the attack on Lazarus. “We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” the post reads. “We expect to deliver a full post mortem that will detail security measures put in place and next steps by the end of the month.” Ronin says it will bring its bridge back online “by the end of the month.” The bridge allows users to transfer funds between other blockchains and Axie Infinity and has been blocked off since the attack.
As noted by Vice, the flagged wallet address currently contains over $445 million USD (148,000 Ethereum) and sent almost $10 million (3,302.6 ETH) to another address less than a day ago. Crypto transaction tracker Etherscan labels the address as “reported to be involved in a hack targeting the Ronin bridge.”
On March 29th, hackers made off with $625 million worth of Ethereum in one of the biggest crypto heists to date. According to cryptocurrency investigation group Chainanalysis, the Lazarus group is tied to North Korea’s intelligence agency and was responsible for seven attacks last year. The group gained notoriety for hacking Sony Pictures in 2014, leaking The Interview, a comedy set in North Korea directed by Seth Rogen. It later used Trojan malware to steal millions from ATMs across Asia and Africa in 2018 and has also been linked to WannaCry ransomware.
FBI links largest crypto hack ever to North Korean hackers
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge.
The Federal Bureau of Investigation (FBI) said two North Korean hacking groups, Lazarus and BlueNorOff (aka APT38), were behind last month's Ronin hack.
"Through our investigation, we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th," the FBI said.
"The FBI, in coordination with Treasury and other U.S. Government partners, will continue to expose and combat the DPRK's use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime."
. . .On March 29, Sky Mavis disclosed that the Ronin bridge was hacked, with 173,600 Ethereum and 25.5M USDC tokens stolen in two transactions [1 and 2], worth over $617 million.
Sky Mavis also published an update to their initial blog post disclosing the attack, saying the FBI now attributes the attack to the North Korean-backed Lazarus Group hacking group.
"Today, the FBI attributed North Korea based Lazarus Group to the Ronin Validator Security Breach," Sky Mavis said today..."
Related Articles:
US issues guidance on North Korean hackers, offers $5M reward
Ethereum dev imprisoned for helping North Korea evade sanctions
DPRK hackers go after crypto assets using trojanized DeFi Wallet app
$620 million in crypto stolen from Axie Infinity's Ronin bridge
US Treasury: Russia may bypass sanctions using ransomware payments
No comments:
Post a Comment