New Research Shows North Korean Cybercriminal Group Responsible for Ronin Bridge Hack
The Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department has revised its Specially Designated Nationals (SDN) list with additional material linking the North Korean-backed Lazarus Group APT to the Ronin bridge hack.
More than $600M Worth of Crypto Stolen
Sky Mavis revealed on March 29 that the Ronin bridge had been hacked, with 173,600 ETH and 25.5 million USDC, worth about $625 million, stolen in two transactions.
On Thursday, the Treasury Department added an Ethereum address to its list of sanctioned entities. Wallet profiler Nansen had already labeled the sanctioned address a “Ronin Bridge Exploiter.” At the time of writing, it held 148,000 ETH. The wallet is linked to the Ronin exploit.
The previous largest cryptocurrency heist was the $611 million Poly Network compromise in August 2021, which makes this one of the most notorious crypto hacks on record.
The Ethereum address implicated in the historic security breach has now been added to the U.S. Treasury’s Specially Designated Nationals and Blocked Persons (SDN) list.
Elliptic, a blockchain tracing firm, estimated on Thursday that the hackers had already laundered about 14% of the stolen assets.
Infamous Lazarus Group Linked to the Hack
According to a Ronin Network blog post, the U.S. government has linked Lazarus (tracked as HIDDEN COBRA by the U.S.) to the validator breach, and the Treasury Department has sanctioned the wallet involved in the transactions. Ronin also said it is still strengthening its security measures before redeploying the Ronin Bridge, in order to reduce future risk. It aims to complete this before the end of the month and has promised a full post-mortem later.
According to a source in the tracing business, this is the first time the Treasury’s sanctions office has blacklisted a purported Lazarus-held crypto wallet.
Operators of the infamous Lazarus Group have been linked to several high-profile cybercrimes, including the global WannaCry ransomware campaign in 2017, the intrusion at Sony Pictures, and attacks on several banks worldwide. The group has reportedly stolen the equivalent of over $5 billion in crypto since at least 2017.
In January and March 2021, Google discovered the Lazarus Group attempting to target security researchers as part of a complex social engineering attack.
Wallet with Stolen Funds Was Named
In another demonstration of the transparency of blockchain technology, the address was labeled as soon as it was identified. Nansen initially tagged the sanctioned address as “associated with the Ronin attack.”
The wallet’s balance is nearly 30% less than the total amount stolen in the attack. In other words, at least $150 million of the stolen funds has already left the wallet.
Blockchain analysis firm Chainalysis followed, confirming that the address was involved in the attack. If Lazarus is indeed responsible, the group will have taken in a single attack as much cryptocurrency as it stole in all of 2021.