The U.S. Treasury Department suggests that North Korean hacking group Lazarus is behind the theft of more than $600 million in cryptocurrency from Axie Infinity’s Ronin Network, which consisted of 173,600 Ethereum and 25.5 million in USDC.

The Treasury Department added an Ethereum address to its sanctions list on Thursday, and the same address is labeled as a “Ronin Bridge Exploiter.”

Chainalysis, a popular crypto analytics page, tweeted that the new address on the sanctions list “was involved in the Ronin hack.”

In light of this hack, Chainalysis highlighted two industry needs: “understanding of how DPRK-affiliated threat actors exploit crypto, and better security for DeFi.”

Ronin’s newsletter was updated today to note that the FBI has attributed the attack to North Korea. Ronin also released a statement on Thursday addressing the attack.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by end of month. Security comes first. The timeline is subject to change based on the implementation time of several security measures.”

The entity behind the Ronin Network exploit, who we now believe is Lazarus, moved tens of millions of dollars’ worth of stolen Ethereum in the last week through Tornado Cash, a decentralized privacy protocol, according to blockchain data.

Tornado Cash enhances the privacy of transactions by breaking the on-chain link between the source and destination. While this can be beneficial for many different people, it also enables hackers to mask their addresses while withdrawing illegally obtained funds.

As a result, Tornado Cash has come under some scrutiny, and it has responded. In an announcement on Friday, Tornado Cash said it is using Chainalysis’ “oracle contract to block OFAC sanctioned addresses from accessing the dapp.”

However, the block applies only to the user-facing decentralized application (dapp) and not to the underlying smart contract. Thus, it is still possible for hackers to launder stolen money through the smart contracts.
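
The distinction above, shown as an added example that is not code from Tornado Cash or Chainalysis: a screen in the dapp governs only people using that web front end, while a check placed inside the contract applies to every caller. The `ScreenedVault` contract is hypothetical, and the `ISanctionsList` interface with `isSanctioned(address)` is an assumption about what the oracle exposes; the oracle address is supplied at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumed oracle interface: returns true when the address is on the sanctions list.
interface ISanctionsList {
    function isSanctioned(address addr) external view returns (bool);
}

// Hypothetical vault that enforces the screen on-chain, so the check holds
// no matter which front end (or none) submits the transaction.
contract ScreenedVault {
    ISanctionsList public immutable sanctionsList;
    mapping(address => uint256) public balances;

    error SanctionedAddress(address account);

    constructor(address oracle) {
        require(oracle != address(0), "oracle required");
        sanctionsList = ISanctionsList(oracle);
    }

    // Reverts the whole transaction if the oracle lists the account.
    modifier notSanctioned(address account) {
        if (sanctionsList.isSanctioned(account)) revert SanctionedAddress(account);
        _;
    }

    // Screen the depositor at the contract boundary, not only in the UI.
    function deposit() external payable notSanctioned(msg.sender) {
        balances[msg.sender] += msg.value;
    }

    // Screen both the caller and the recipient before funds leave.
    function withdraw(uint256 amount, address payable to)
        external
        notSanctioned(msg.sender)
        notSanctioned(to)
    {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount; // update state before the external call
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```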

Author: Tyler Irvin