The U.S. Department of the Treasury is indicating that North Korean hackers appear to be behind the massive $600 million hack on an Axie Infinity (AXS) bridge last month.
The Office of Foreign Assets Control (OFAC) recently an Ethereum (ETH) address belonging to a North Korean cybercriminal organization known as Lazarus Group to its specially designated nationals and blocked persons list (SDN).
Blockchain explorer Chainalysis on Twitter that the same address was involved in the Axie Infinity hack.
“The attribution of the Ronin hack to Lazarus Group underlines two industry needs Chainalysis has highlighted previously: Understanding of how DPRK-affiliated threat actors exploit crypto, and better security for DeFi [decentralized finance] protocols.”
The Ronin Network, an Ethereum-linked sidechain made specifically for AXS, announced the hack on Twitter in late March, noting that the Ronin bridge was exploited for 173,600 ETH and 25.5 million USD Coin (USDC), amounting to a combined worth of over $600 million.
Axie Infinity is a trading and battling play-to-earn game based on the blockchain.
The attacker reportedly drained the funds from the Ronin network in two transactions after hacking private keys in order to forge fake withdrawals.
The Ronin chain has nine validator nodes, and five out of the nine signatures are needed to recognize a deposit or withdrawal event.
The attacker secured control of the four nodes belonging to Axie Infinity’s game developer, Sky Mavis, and one controlled by Axie DAO (decentralized autonomous organization), through a combination of social engineering and human error.
