North Korean ‘Lazarus’ group behind the $615 million cryptocurrency theft, U.S. officials say
Late last month, we wrote about the largest crypto heist to date, after hackers stole $615 million worth of cryptocurrency from Ronin Network, the sidechain built by the maker of the popular online game Axie Infinity.
The blockchain startup reported that hackers exploited its network and made off with 173,600 Ethereum and 25.5M USDC, noting that an attacker had “used hacked private keys” in order to forge fake withdrawals. At the time, the identity of the hackers was not known; that has now changed.
On Thursday, the United States said that North Korean state-backed hacking collective Lazarus Group was behind the theft of hundreds of millions of dollars worth of cryptocurrency tied to the popular online game Axie Infinity.
In a statement, the U.S. Treasury Department said, “The United States is aware that the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust U.S. and U.N. sanctions.”
In addition, the Treasury Department also announced new sanctions against an Ethereum wallet belonging to the Lazarus Group. The North Korean hackers had a profitable year as the price of cryptocurrencies like Bitcoin and Ethereum skyrocketed. According to a report from CISO Magazine, hacker groups like Lazarus reportedly stole over $400 million in cryptocurrency in 2021 alone.
In a blog post published on its official Substack, Ronin Network said that hackers made off with over $625 million in Ethereum and USDC, noting that an attacker had “used hacked private keys in order to forge fake withdrawals.”
Back in March, Ronin Network said the exploit affected its validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie decentralized autonomous organization (DAO). Ronin Network explains that an attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, as seen on Etherscan.
There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions (1 and 2). The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.
While the Ronin sidechain has nine validators requiring five signatures for withdrawals and is meant to protect against these types of attacks, the blog post notes that “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
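To show why a five-of-nine signature threshold on its own does not stop a signer holding four keys plus one borrowed signature, here is an added example (not Ronin's or Sky Mavis's code) of a bridge withdrawal verifier that counts both valid signatures and distinct operators behind them. The validator-to-operator split, the HMAC-SHA256 stand-in for real validator signatures, and the withdrawal message are constructed assumptions for the demonstration.

```python
import hmac
import hashlib

# Constructed validator set (not Ronin's real configuration): nine validators,
# each with an operator label and a secret. The four-under-one-operator split
# is an assumption for the demo. HMAC-SHA256 stands in for a real signature.
VALIDATORS = {
    "v1": ("sky-mavis", b"secret-1"), "v2": ("sky-mavis", b"secret-2"),
    "v3": ("sky-mavis", b"secret-3"), "v4": ("sky-mavis", b"secret-4"),
    "v5": ("axie-dao", b"secret-5"),
    "v6": ("op-c", b"secret-6"), "v7": ("op-d", b"secret-7"),
    "v8": ("op-e", b"secret-8"), "v9": ("op-f", b"secret-9"),
}
THRESHOLD = 5  # five of nine signatures, as the article describes

# Constructed withdrawal message; the recipient address is a placeholder.
WITHDRAWAL = b"withdraw|asset=ETH|amount=173600|to=0xPLACEHOLDER"


def sign(validator_id: str, message: bytes) -> str:
    """A validator signs the withdrawal message with its own secret."""
    _, secret = VALIDATORS[validator_id]
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def collect_signatures(message: bytes, signer_ids: list[str]) -> dict[str, str]:
    """Gather signatures from the named validators (simulates the bridge relay)."""
    return {vid: sign(vid, message) for vid in signer_ids}


def check_withdrawal(message: bytes, sigs: dict[str, str],
                     min_operators: int = 1) -> tuple[bool, str]:
    """Approve only if THRESHOLD distinct validators produced valid signatures
    and those validators span at least min_operators distinct operators."""
    valid = set()
    for vid, sig in sigs.items():
        if vid in VALIDATORS and hmac.compare_digest(sign(vid, message), sig):
            valid.add(vid)
    if len(valid) < THRESHOLD:
        return False, f"only {len(valid)} valid signatures, need {THRESHOLD}"
    operators = {VALIDATORS[vid][0] for vid in valid}
    if len(operators) < min_operators:
        return False, f"quorum spans {len(operators)} operators, need {min_operators}"
    return True, "withdrawal approved"


if __name__ == "__main__":
    # Four keys from one operator plus one borrowed DAO signature: meets the
    # raw threshold, but is rejected once operator diversity is required.
    sigs = collect_signatures(WITHDRAWAL, ["v1", "v2", "v3", "v4", "v5"])
    print(check_withdrawal(WITHDRAWAL, sigs))                   # (True, ...)
    print(check_withdrawal(WITHDRAWAL, sigs, min_operators=3))  # (False, ...)
```

The second check is the mitigation a bridge operator can add without changing the threshold: a quorum made of keys that one party can reach, directly or through a delegated signer, should not be enough on its own.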
The company pegged the losses at 173,600 ether and 25.5 million in USDC, currently worth in excess of $625 million.