North Korea’s Lazarus Group Behind Axie Infinity's Ronin Hack, Say US Treasury, FBI

cryptonews.com:

The United States Treasury Department has sanctioned an ethereum (ETH) address that it says received coins stolen in the Ronin Bridge hack – and the FBI has claimed that the North Korean Lazarus group of hackers was behind the security breach.

The address in question currently contains almost USD 446m worth of ETH and has been particularly busy in the past few days. The sanctions announcement claimed that Lazarus was based in the Potonggang District, of the North Korean capital Pyongyang, a claim also voiced in the past by the FBI.

The validator is used to connect the play-to-earn gaming title Axie Infinity’s Ronin bridge, which allows users to send cryptoassets to and from the Ethereum network to Axie’s Ronin sidechain – and was exploited for some USD 600m in late March. The hack is one of the largest ever in the decentralized finance (DeFi) space.

In an April 14 update to the Ronin newsletter on the hack – originally published just after last month’s hack – the Ronin Network wrote that it was “still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” adding that users could “expect the bridge to be deployed by end of [the] month.”

It also promised a “full post mortem that will detail security measures put in place and next steps” – also “by the end of the month.”

The blockchain analytics firm Chainalysis backed the claim on Twitter, stating that the address had received ETH 173,600 (currently worth around USD 525m), as well as USD 25.5m worth of the stablecoin USD coin (USDC) “from the Ronin Bridge smart contract during the attack.”

The company added that the crypto industry needed greater “understanding of how [North Korea]-affiliated threat actors exploit