There has been a North Korean sanctions list launched by the U.S. government long ago. Yesterday, the U.S. Treasury Department added an Ethereum wallet address to the list. It is linked to the recent hack of a crypto platform affiliated with the play-to-earn game Axie Infinity.
Further reading: The US Gov Hacked A Popular Hackers Group, Namely Revil
At the end of March, Sky Mavis, which operates Axie Infinity, issued a statement, saying that its Ronin Network “bridge” was hacked for $625 million in Ethereum and USDC tokens.
This Vietnam-based company launched the network, making playing the game cheaper by porting tokens from Ethereum to the Ronin blockchain.
Ronin Network Is Not Safe
At the moment, the Ethereum address marked as “Ronin Bridge Exploiter” holds nearly 148,000 ETH worth over $445 million USD. Interestingly, a day ago, through it, there was a transfer worth 3,302.6 ETH (nearly $10 million).
“Today, the FBI attributed North Korea–based Lazarus Group to the Ronin Validator Security Breach,” said Sky Mavis. “We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” the company added. “We expect to deliver a full post mortem that will detail security measures put in place and next steps by the end of the month.”
In its turn, Ronin promises to bring the bridge back online “by the end of the month.”
This hack not only became one of the largest thefts in crypto history but also caused a lot of questions concerning the Ronin Network’s security model. The latter has been relying on nine trusted validators. As for this specific case, the hackers could take over a majority of five validators to transfer funds. Now, there are 21 validators. But will this help the network to become more secure?
North Korea Is Behind To Many Hacks
Not surprisingly, North Korea is behind a number of cryptocurrency hacks. For instance, in 2021, such an activity brought $400 million to the country. And Lazarus Group ought to be the main coordinator of those hacks. As a cryptocurrency investigation group, Chainanalysis said, the Lazarus group was responsible for up to seven attacks last year. It hacked systems of Sony Pictures in 2014. We guess you remember the incident when The Interview appeared online before the release. Later, the group used Trojan malware to steal millions from ATMs across Asia and Africa in 2018.
By the way, this week, a US citizen who is also an Ethereum programmer was sentenced to more than five years in prison. The thing is that back in 2019 he traveled to North Korea and gave a presentation on how North Korea can avoid sanctions.