Apr 14, 2022 - Economy & Business

$620 million crypto theft linked to North Korea


March's massive theft from a crypto service built to support a video game can be tied to a hacking group associated with North Korea, according to information posted by the Treasury Department.

Details: In March, Ronin announced that roughly $620 million worth of Ethereum and USDC tokens was stolen by a hacker from its network bridge to the Axie Infinity game.

Driving the news: Treasury has a "specially designated nationals" page devoted to the Lazarus Group, noting its many aliases, and linking it to the communist nation.

  • The page was updated on Thursday, adding an Ethereum address specifically linked to the group.

Ethereum is the second largest blockchain. It works on an account basis, so an address on Ethereum works in many ways like your login to Facebook does.

  • By listing the address on that page, Treasury is saying that they have matched the address to activity from Lazarus.
  • Treasury's Office of Foreign Assets Control (OFAC) has not specifically made a statement about the exploit and the Lazarus Group, but the blockchain surveillance firm Chainalysis has linked that address to the exploit.
  • The address currently holds $441 million in ether alone, according to Etherscan.

By the numbers: This one breach was worth more than all the crypto North Korea was reportedly able to steal throughout 2021.

  • What we are watching: Tornado Cash is an app on Ethereum built to break the chain between sender and recipient, thereby making it possible to sell the funds on exchanges that have blacklisted addresses associated with the attack. So far, $65 million in ether has already been sent to the app.

Flashback: The Lazarus Group was previously tied to the 2014 hack of Sony Pictures.

Context: The Ronin sidechain was built to improve the user experience of the most popular play-to-earn video game, Axie Infinity.

  • The company that built both, Sky Mavis, was able to use the game's community treasury and an infusion of $150 million in investor funds to repay all the people who lost funds in the exploit.

Sidechains are used to provide users a faster and less pricey experience.

  • Assets bridged to the sidechain still have assurance, provided by Ethereum, that the underlying supply can't be manipulated.
  • Bridges have been a major source of vulnerability this year. In February, $300 million in crypto was lost on a bridge to the Solana blockchain.

So far, victims of these breaches have subsequently been made whole by deep-pocketed crypto backers.

The bottom line: Recently, some hackers making big crypto scores have returned funds. That looks much less likely now.
