John Paul M. Joaquin Tech 04.14.2022 22:Apr PM EDT

US Government Suspects North Korean Hackers Behind $625 Million Ronin Blockchain Heist

A North Korean hacker group is the one behind the hacking and stealing of cryptocurrency that shook the Axie Infinity NFT game.

The U.S. Treasury Department recently named the Lazarus North Korean hacking group the perpetrator of the theft of millions of dollars in cryptocurrency from the blockchain responsible for the NFT game Axie Infinity, per Vice.

Sky Mavis, Axie Infinity's operator, mentioned that it is still in the process of adding more security measures before redeploying the Ronin Bridge to mitigate future risk.

Ronin Blockchain Hack Details

The hack, which happened on March 23, was discovered after Sky Mavis received a report that a user was unable to withdraw 5,000 Ethereum from the Ronin Bridge. The company then discovered that its validator nodes and Axie DAO validator nodes were compromised, resulting in 173,600 Ethereum and 25.5 million USDC drained from the blockchain.

The total valued amount of cryptocurrency stolen from the blockchain is approximately $625 million. The hackers were able to steal the cryptos after it took over five out of nine validators to transfer the funds.

The attack forced Sky Mavis to temporarily pause the Ronin Bridge, while Binance, whose bridge allows for cryptocurrency exchanges and transactions, was closed to err on the side of caution, per Binance's announcement.

The hack raised questions regarding the Ronin Network's security model, which relied on a closed set of nine trusted validators. Sky Mavis increased the validator set to 21 after the attack.

Investigators were able to find the crypto wallet the hackers used to receive the cryptos from the Ronin blockchain. According to The Verge's report, the wallet contained over $445 million worth of Ethereum (148,000 Ethereum). It also sent almost $10 million worth of Ethereum (3,302.6 Ethereum) to another wallet less than a day ago. Crypto transaction tracker Etherscan labeled the wallet address as "reported to be involved in a hack targeting the Ronin bridge."

The U.S. Treasury Department also placed sanctions on the crypto wallet to prohibit transactions to and from the address.

The theft was one of the largest in crypto history, which prompted other crypto firms and venture capitalists to fill the financial void in Sky Mavis' attempt to reimburse affected users.

What Is Sky Mavis Doing Now?

Sky Mavis is currently in the process of adding additional security measures before it redeploys the Ronin Bridge to reduce future risk to the blockchain.

The company said that users should expect the bridge to be deployed by the end of April.

Sky Mavis assured users that security remains its top priority and that it would deliver a full post-mortem that details the security measures it placed and the company's next steps along with the Ronin Bridge's redeployment.

"We would like to extend a thank you to all law enforcement agencies who have supported us in this ongoing investigation," Sky Mavis said. "Security remains our top priority, and we look forward to sharing our learning with our community and the broader ecosystem. We thank you for your patience."