Key Takeaways:
- The Treasury Department of the United States added an Ethereum wallet address to its sanctions list today, linking it to North Korea’s Lazarus Group.
- The address is the same one used in the $622 million attack on Axie Infinity’s Ronin Network last month.
Last month, the Lazarus Group of North Korea was accused of being the mastermind behind the $622 million hack of Ronin Network, an Ethereum sidechain utilized by the play-to-earn crypto game Axie Infinity.
The hack resulted in the loss of around $625 million in cryptocurrency. To claim the funds, the attackers used “hacked private keys” to forge transactions. Ronin is an Ethereum sidechain that was created for the popular NFT game Axie Infinity.
The connection was exposed today when the US Department of the Treasury added a new Ethereum wallet address to its sanctions listing for the Lazarus Group. In late March, Sky Mavis, the founder of Axie Infinity, identified this wallet address as belonging to the Ronin attacker.
Etherscan, an Ethereum block explorer, shows the wallet labeled as “Ronin Bridge Exploiter.” Two blockchain analytics firms, Chainalysis and Elliptic, have also confirmed that the wallet address provided by the US Treasury today is the same one used in the Ronin breach.
Lazarus has been designated as a “state-sponsored hacking outfit” by the FBI. Lazarus is accused of being behind the 2017 WannaCry ransomware attack, the Sony Pictures breach in 2014, and other high-profile attacks.
The Ronin Network was breached on March 23 when the bridge connecting Ronin to the Ethereum mainnet was attacked with compromised private keys, which are cryptographic keys necessary to sign transactions. Five of Ronin’s nine active validator nodes approved the transfer of currency using the hacked keys.