US claims North Korea’s ‘Lazarus Group’ responsible for Axie Infinity hack

Authorities in the US have blacklisted an Ethereum wallet containing over 100,000 units of the stolen funds.

The U.S. Treasury Department has claimed that the North Korean hacker group Lazarus is responsible for the $625 million hack of the Axie Infinity Ronin bridge.

The agency added an Ethereum (ETH) address containing some of the stolen cryptocurrency to its sanctions list. As of April 14, the wallet held around 148,000 ETH.

Crypto analytics firm Chainalysis confirmed that the wallet received a substantial part of the stolen funds, while Elliptic recently revealed that around 14% of the amount has been laundered.

Who is the Lazarus Group?

The Lazarus Group is a North Korean state-backed cybercrime unit that has been involved in several high-profile crypto heists in recent years.

Lazarus first came into the limelight in 2018 for stealing over $200 million in crypto from and has continued to gain notoriety.

In 2020, the group was also involved in stealing around $300 million worth of digital assets from KuCoin, a Singapore-based crypto exchange.

Lazarus has begun to “deploy high-level techniques to steal and launder crypto profited from various cybercrime attacks” and is suspected to be backed by the DPRK government. A recent report revealed that parts of the Lazarus Group have been using hacks to finance North Korea’s missile programs.

What is Ronin Network doing about the hack?

Ronin Network said in a blog post that it is adding more security measures to the Ronin bridge to reduce the risk of a future occurrence and expects to redeploy the bridge by the end of the month.

Ronin Network is an Ethereum side chain that hosts the Axie Infinity play-to-earn game. The developer of the game, Sky Mavis, uses it because it offers a better scalability option, which is a requirement for a platform like Axie Infinity.

Meanwhile, Axie Infinity raised $150 million from its investors to refund affected users. While the Ronin bridge isn’t back up yet, users can now withdraw via Binance.

CryptoSlate recently reported that the platform lost a considerable number of its users even before the hack.

What the US sanction means for the wallet

With the U.S. blacklisting the wallet that holds a substantial part of the funds, the group would have a much more difficult time converting the stolen funds into fiat.

The hacker has to use a centralized exchange to convert the stolen funds because the conversion requires significant liquidity.

A spokesperson for the Treasury said:

“Identification of the wallet will make clear to other VC actors that by transacting with it, they risk exposure to U.S. sanctions. This demonstrates Treasury’s commitment to using all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds.”

Thus, it will now be impossible to transfer the funds in the wallet to a centralized exchange without getting flagged.