US officials tied the North Korean hacker group, Lazarus, to last month's $625 million exploit of the Ronin network.
Yesterday, the United States Department of the Treasury announced that the Ethereum wallet tied to the Ronin hack had been added to its sanctions list. The hack, which saw 173,600 ETH and 25.5 million USDC stolen in two transactions, was the biggest recorded cryptocurrency hack ever.
According to a spokesperson of the Treasury Department, the FBI and the Treasury Department coordinated their investigation of the Lazarus Group to expose the perpetrators and prevent other parties from allowing them to launder the stolen funds:
"Identification of the wallet will make clear to other VC actors, that by transacting with it, they risk exposure to US sanctions. This demonstrates Treasury's commitment to use all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds.
There may be mandatory secondary sanctions requirements on persons who knowingly, directly or indirectly, engage in money laundering, the counterfeiting of goods or currency, bulk cash smuggling, or narcotics trafficking that supports the Government of North Korea or any senior official or person acting for or on behalf of that Government."
Former Ethereum developer Virgil Griffith was sentenced to five years in prison for breaking US sanctions law regarding North Korea only two days ago.
The Lazarus Group is a cybercrime group sponsored by the North Korean state that was responsible for cyberattacks in South Korea, the Sony Pictures hack, a Bangladesh cyber heist, and the WannaCry ransom attack.
Blockchain analytics firm Elliptic wrote in a blog post addressing the recent developments that the Lazarus Group is believed to be a vehicle of the North Korean state to fund its nuclear and ballistic missile programs. Consequently, blacklisting the hackers' Ethereum wallet can have tangible geopolitical consequences in light of North Korea's renewed nuclear testing programs.
Ronin is an EVM-based blockchain for play-to-earn games that hosts Axie Infinity, a digital collectibles game. On March 23, hackers exploited the blockchain for over $600 million, but the hack was discovered only six days later. The Lazarus Group has since been attempting to launder the stolen funds.
In its wrap-up of the Ronin hack, Elliptic details how the hackers swapped the stolen USDC for ETH at DEXes to prevent it from being seized. They subsequently tried to cash out part of the stolen funds through centralized exchanges, which drew attention to their operation when the exchanges announced full compliance with law enforcement. The group later swapped $80 million through Tornado Cash, a mixer that can be used to obscure the provenance of funds.
$433 million remain in the hackers' original wallet, which now has been blacklisted by US authorities to prevent further money laundering.