US Treasury’s sanctions office blacklists an alleged Lazarus-held crypto wallet
A group of North Korean Hackers known as Lazarus has been identified as one of the culprits behind a hack on the Ronin Bridge after The US Treasury Department added an Ethereum address to its sanctions list on Thursday. Chainalysis confirmed the address was involved in the Ronin hack, having received 173,600 ETH and 25.5 million USDC from the Ronin Bridge smart contract during the attack.
- When DappRadar checked the wallet on Friday, April 15, the address held 147,000 ETH worth around $447 million.
- The ETH address is now labeled in the Sanctions category in all Chainalysis products.
- Elliptic estimated that 14% of the stolen funds had already been laundered.
Ronin is a custom sidechain created by Sky Mavis. It’s connected to the main Ethereum blockchain and supports faster and cheaper transactions for players of the leading play-to-earn game Axie Infinity. The hack is the most extensive exploit in crypto history.
The newly appointed ETH address has now been labeled in the Sanctions category in all Chainalysis products. Tracing firm Elliptic estimated that 14% of the stolen funds had already been laundered by Thursday, April 14. Ronin Network said in a blog post that the FBI had linked Lazarus with the validator breach and that the Treasury Department sanctioned the funds. Moreover, it is believed this is the first time the US Treasury’s sanctions office has blacklisted an alleged Lazarus-held crypto wallet.
Hacks on the rise
According to Chainalysis, hackers are stealing more cryptocurrency from DeFi platforms than ever before. In a recent report, they stated that in the past, cryptocurrency hacks were largely the result of security breaches in which hackers gained access to victims’ private keys. This would be the crypto-equivalent of pickpocketing. Ronin Network’s March 2022 breach has shown the continued effectiveness of this technique. Additionally, they point out that the attribution of the Ronin hack to Lazarus Group underlines two vital things the industry needs to understand better. First, how DPRK-affiliated threat actors exploit crypto, and secondly, better security for DeFi protocols.
Tricky time for Axie & Ronin
The news will be welcomed by those with funds affected by the exploit. The wider community should see it as steps in the right direction regarding safety and cooperation with those investigating cybercrime. The news pushed Axie back in the right direction after it announced it had secured $150 million in a funding round led by the world’s largest crypto exchange Binance, with participation from Animoca Brands, a16z, Dialectic, Paradigm, and Accel.
Meanwhile, Sky Mavis’s leading game Axie Infinity has been having a tough time but appears to be rebounding from the exploit after losing almost half its users overnight. Unique active wallets connecting to Axie are down by around 15% from the previous week, but recovering as confidence returns. More important will be the reopening of the Ronin bridge.
Ronin says it is still in the process of adding additional security measures before redeploying the Ronin Bridge, targeting deployment before the end of April and promising a full post-mortem of the exploit soon after. At the same time, the decentralized exchange Katana has resumed operations.
The above does not constitute investment advice. The information given here is purely for informational purposes only. Please exercise due diligence and do your research. The writer holds positions in various cryptocurrencies, including BTC, ETH, and RADAR.