The USA government has pointed the finger towards a North Korean hacker group called ‘Lazarus’ for the $625M attack on the Sky Mavis’ Ronin Network.
The Treasury Department has added the Ethereum address which received the stolen funds to its sanctions list.
The sanction prohibits US persons and entities from transacting with this address to ensure that the Ethereum address cannot cash out any more funds they continue to hold through US-based crypto exchanges.
Creators of the Ronin Network credited and thanked the FBI with figuring out the connection to Lazarus and the Treasury Department for sanctioning the Ethereum address.
Crypto analytics firm Chainanalysis affirmed these findings and tracing firm Elliptic estimates that 18% of the stolen funds have already been laundered.
“Many features of the attack mirrored the method used by Lazarus Group in previous high-profile attacks, including the location of the victim, the attack method (believed to have involved social engineering) and the laundering pattern utilized by the group after the event”, wrote Elliptic in a blog post.
Ronin Network said they are still working on the security measures of Ronin Bridge before redeploying it. The bridge, however, will be released by the end of the month.
They also promised to release a post mortem report detailing the security measures they have taken and their next steps. The report can be expected by the end of the next month.
The Ronin Network is an Ethereum based sidechain of the studio Sky Mavis for the NFT game Axie Infinity.
On March 29, it was reported that Axie Infinity suffered an exploit of over $600M. Almost 173,600 ETH and 25.5M USDC were stolen from the Ronin Bridge after the attack.
On April 4, it was noticed that the main Ethereum address used in the attack transferred over 2,001 ETH in two different transactions on separate addresses entitled “Ronin Bridge Exploiter 8” on the Etherscan. The attacker then moved around 1400 ETH.
