The notorious Lazarus Group, a North Korean state-sponsored threat actor, appears to be behind the recent major breach of the Ronin network, the FBI said.
The Ronin Network, a cryptocurrency bridge developed by the same company behind the hugely popular blockchain-based game, Axie Infinity, was attacked in late March 2022, with the attackers fleeing with $625 million in various cryptocurrencies.
Now, according to Vicethe FBI and the US Treasury Department (USDT) pinned this attack on Lazarus, after updating its file on the attack with a wallet that had received the stolen funds, which it claims belong to the group.
Fixing the bridge
The makers of the Ronin network, meanwhile, said it would take a little longer before they could bring the product back online.
“We are still adding additional security measures before redeploying the Ronin Bridge to mitigate future risks,” the company wrote in a blog post. “We expect to deliver a full autopsy which will detail the security measures put in place and next steps by the end of the month.”
The bridge is expected to resume operations “by the end of the month”.
The USDT-reported wallet currently holds 148,000 ETH, or over $447 million at press time. The owners of the wallet sent 3,302.6 ETH, or about $10 million, to another address earlier this week. Wallet details can also be found on blockchain explorer Etherscanwhere he was tagged as “involved in a hack targeting the Ronin Bridge”.
The hack saw 173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD coins stolen, with a total value of $625 million. Some commentators have suggested that it could be the biggest heist in crypto history.
Given the transparent nature of the blockchain, the Ronin network was able to quickly establish that the funds had been withdrawn from its terminals on March 23. However, it wasn’t until a user reported that they couldn’t withdraw 5,000 Ether that the team noticed the breach.
An investigation revealed that the attacker used hacked private keys to forge fake withdrawals, the organization said. It would appear that no virus was used in the attack.