FBI Accuses North Korean Hackers of Biggest Cryptocurrency Theft Ever

The FBI accuses two North Korean hacker groups of being behind the Ronin blockchain hack. During the attack, hackers stole more than $600 million in cryptocurrencies. Authorities blacklisted one of the Ethereum addresses belonging to the scammers to prevent them from laundering the funds.


At the end of March, $625 million worth of cryptocurrency was stolen from Ronin, the blockchain behind the famous cryptocurrency game Axie Infinity. In detail, over 173,600 Ether and 25.5 million USDC were stolen by exploiting a security flaw. Through this breach, the attackers took control of keys belonging to Axie Infinity developer Sky Mavis.

This is the biggest hack of all time in the cryptocurrency world, just ahead of the Poly Network hack last year ($600 million). After investigation, the FBI (Federal Bureau of Investigation) was able to trace the attack to two groups of hackers from North Korea.

Hackers' Ethereum address blacklisted

According to an FBI statement, the groups Lazarus and BlueNorOff (aka APT38) are behind the Ronin network attack. “Through our investigation, we were able to confirm that Lazarus Group and APT38, cyber actors associated with the Democratic People’s Republic of Korea, are responsible for the theft of $620 million from Ethereum reported on March 29,” explains the FBI.

Beforehand, the blockchain analysis firm Chainalysis was able to identify one of the hackers’ Ethereum addresses. “The US government, specifically the Treasury Department, sanctioned the address that received the stolen funds,” explains Sky Mavis, developer of Axie Infinity, on Twitter. In concrete terms, the address has been blacklisted. This is a first for the United States Treasury.

This penalty may hinder the hackers. “Wallet identification will make it clear to other players that by transacting with the wallet, they risk being exposed to US sanctions. This demonstrates the Treasury’s commitment to using all available means to disrupt malicious cyber actors and block ill-gotten proceeds of crime,” explains the US Treasury Department in a press release.

Unfortunately, it seems that some (14%) of the stolen funds had already been laundered by the attackers when the address was blacklisted. “We are still adding additional security measures before redeploying the Ronin Bridge to mitigate future risks. Expect the bridge to be deployed by the end of the month,” explain the developers of Ronin on the official blockchain website.
