The attack on the Ronin sidechain, on which the Axie Infinity game is based, had caused a lot of ink to flow three weeks ago. It is indeed the second most important hack in the history of cryptocurrencies. New twist in the case: the hacker group Lazarus, linked to the North Korean government, is accused of being behind it.
North Korea behind the Ronin/Axie Infinity hack?
The analysis site Chainalysis reported this news yesterday. It confirms that a U.S. Treasury department, the Office of Foreign Assets Control (OFAC), recently updated the Ethereum address linked to the Lazarus group. If the name sounds familiar, it’s not for nothing: this is a group of North Korean hackers who have made a name for themselves with attacks targeting cryptocurrency-related sites.
According to the U.S. Treasury, it is therefore also this group from North Korea that is behind the Ronin hack. The address updated by the institution is indeed linked to the funds: it would have received 173,600 ETH and 25.5 million USDC during the attack.
The news was further confirmed by Ronin sidechain officials in an update released yesterday:
“Today, the FBI linked the Ronin security breach to the Lazarus Group, which is based in North Korea. The U.S. government, and the Treasury in particular, has sanctioned the address that received the stolen funds.”
North Korea still interested in cryptocurrencies
It’s a recurring issue within the crypto ecosystem that resurfaces from time to time. It’s been known since 2019, if not earlier, that North Korea has been targeting crypto projects for funding, particularly as part of its weapons program. The Lazarus group would be used often, in order to steal cryptocurrencies.
It was estimated in 2020 that North Korea had accumulated $1.5 billion in crypto assets. In 2021, a UN report revealed that the hack of the KuCoin exchange, which had blown away $281 million, was linked to North Korea. The report again accused the country of funding its nuclear program through such thefts.