The notorious Lazarus Group, a North Korean state-sponsored threat actor, appears to be behind the recent major breach of the Ronin network, the FBI said.
Ronin Network, a cryptocurrency bridge developed by the same company behind the hugely popular blockchain-based game Axie Infinity, was attacked in late March 2022, with the attackers getting away with €625 million in various cryptocurrencies.
Now, according to Vice, the FBI and the United States Department of the Treasury (USDT) have attributed this attack to Lazarus, after updating their file on the attack with a wallet that received the stolen funds, which they claim belongs to the group.
Fixing the bridge
Meanwhile, the creators of the Ronin network said it would take a little longer before they could get the product back online.
“We are still adding additional security measures before redeploying the Ronin Bridge to mitigate future risks,” the company wrote in a blog post. "We hope to deliver a full autopsy detailing the security measures in place and next steps by the end of the month."
The bridge is expected to resume operations "by the end of the month."
The USDT-reported wallet currently holds 148,000 ETH, or more than €447 million at press time. The wallet's owners sent 3,302.6 ETH, or about $10 million, to another address earlier this week. Details of the wallet can also be found on the blockchain explorer Etherscan, where it has been tagged as “involved in an attack on the Ronin Bridge.”
173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD Coin were stolen in the hack, with a total value of USD 625 million. Some commentators have suggested that it could be the biggest heist in cryptocurrency history.
Given the transparent nature of the blockchain, the Ronin network was able to quickly establish that funds had been withdrawn from its terminals on March 23. However, it wasn't until a user reported that he couldn't withdraw 5,000 ether that the team noticed the breach.
An investigation revealed that the attacker used hacked private keys to forge withdrawals, the organization said. It would appear that no virus was used in the attack.