U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist

The U.S. government blames North Korea-linked APT Lazarus for the recent $600 million Ronin Validator cyber heist.

The U.S. government attributes the recent $600 million Ronin Validator cryptocurrencty heist to the North Korea-linked APT Lazarus.

The U.S. Treasury announced in a notice the sanctions against the Ethereum address used by the APT to receive the stolen funds. US organizations are forbidden to conduct any transactions with the above address.

On March 23rd, threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The cyber heist was discovered today after a user was unable to withdraw 5,000 ether.

The Ronin Network is an Ethereum-linked sidechain used for the blockchain game Axie Infinity.

The attackers have stolen roughly 173,600 ether and 25.5 million USDC. The Ronin bridge and Katana Dex have been halted following the attack.

Axie Infinity disclosed the security breach through the official Discord and Twitter accounts, and by Ronin Network.

The amount of stolen funds makes this attack the largest crypto hack in history, passing the $611 million hack of the DeFi protocol Poly Network in August 2021.

Axie Infinity launched an investigation into the incident and discovered that cyber thieves have already managed to launder about 20% of the stolen funds.

Over the last years, North Korea-linked APT groups have conducted multiple attacks against cryptocurrency exchanges evolving their TTPs.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)

[adrotate banner=”5″]

[adrotate banner=”13″]