According to the US Department of the Treasury, North Korean hackers appear to be responsible for last month’s major $600 million hack of an Axie Infinity (AXS) bridge.
The Office of Foreign Assets Control (OFAC) has added an Ethereum (ETH) address connected to a North Korean cybercriminal organization known as Lazarus Group to its Specially Designated Nationals and Blocked Persons (SDN) list.
Chainalysis, a blockchain research firm, noted on Twitter that the same address was used in the Axie Infinity attack: “The Ronin hack’s attribution to Lazarus Group highlights two industry requirements previously identified by Chainalysis: a greater understanding of how DPRK-affiliated threat actors exploit crypto, and improved security for DeFi [decentralized finance] protocols.”
The Ronin Network, an Ethereum-connected sidechain created specifically for AXS, disclosed the attack on Twitter in late March, stating that the Ronin bridge was used to steal 173,600 ETH and 25.5 million USD Coin (USDC), totaling more than $600 million.
Axie Infinity is a blockchain-based play-to-earn battle game. According to reports, the attacker stole funds from the Ronin network in two transactions after compromising private keys and forging withdrawals.
The Ronin chain is made up of nine validator nodes, and five of the nine signatures are required to recognize a deposit or withdrawal event.
Through a mix of social engineering and human error, the attacker gained control of four nodes belonging to Axie Infinity’s game creator, Sky Mavis, and one managed by Axie DAO (decentralized autonomous organization).
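The five-of-nine rule described above counts signatures, not independent operators. The following added example (not from the article or from Ronin's code) audits that concentration and contrasts a count-only approval check with one that also requires a minimum number of distinct operators. The four non-Sky Mavis, non-Axie DAO operator names and the operator floor of 3 are hypothetical.

```python
from collections import Counter

# Constructed validator set. The article gives the counts for Sky Mavis (4) and
# Axie DAO (1); the remaining four operators are hypothetical placeholders.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-A", "v7": "operator-B", "v8": "operator-C", "v9": "operator-D",
}
THRESHOLD = 5  # five of nine signatures, as stated in the article


def min_operators_to_reach(validators, threshold):
    """Fewest distinct operators whose keys together meet the signature threshold."""
    keys_per_operator = sorted(Counter(validators.values()).values(), reverse=True)
    total = 0
    for count, keys in enumerate(keys_per_operator, start=1):
        total += keys
        if total >= threshold:
            return count
    return None  # threshold exceeds the number of validators


def approve(signers, validators, threshold, min_operators=1):
    """Accept an event only if enough known validators, from enough operators, signed."""
    valid = set(signers) & set(validators)  # drops unknown and duplicate signers
    operators = {validators[v] for v in valid}
    return len(valid) >= threshold and len(operators) >= min_operators


def audit(validators, threshold):
    """Summarise how concentrated signing power is across operators."""
    top_operator, top_keys = Counter(validators.values()).most_common(1)[0]
    return {
        "largest_operator": top_operator,
        "keys_short_of_threshold": threshold - top_keys,
        "min_operators_to_reach_threshold": min_operators_to_reach(validators, threshold),
    }


if __name__ == "__main__":
    print(audit(VALIDATORS, THRESHOLD))
    signers = ["v1", "v2", "v3", "v4", "v5"]  # the key set named in the article
    print("count-only rule:", approve(signers, VALIDATORS, THRESHOLD))
    print("operator floor of 3:", approve(signers, VALIDATORS, THRESHOLD, min_operators=3))
```

With this validator map the largest operator sits one key short of the threshold, so the count-only rule accepts a signer set drawn from just two organizations.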