Lazarus Group, the North Korea-based hacking group that claimed responsibility for the recent $625 million Ronin Bridge hack, has been sanctioned by the US Office of Foreign Assets Control. Ronin, a blockchain network tied to the popular online game Axie Infinity, was exploited on March 23.
The US Treasury identified a digital currency address used by the hackers as being under the control of the Lazarus Group. A spokesperson for the Treasury Department said the US is aware that the DPRK has relied on illicit activities, including cybercrime, to generate revenue for its weapons and ballistic missile programs. The Treasury warned that those transacting with the wallet risk exposure to US sanctions.
Chainalysis and Elliptic, blockchain analytics firms, highlighted that this confirmed North Korea was behind the break-in. An expert said North Korean hackers have been the focus of the cybersecurity firm’s investigation for the past couple of weeks. Moreover, an official Ronin blog post stated that the FBI attributed the hack to the Lazarus Group. It said they are still in the process of adding more security measures before redeploying the Ronin Bridge to mitigate future risk.
The US Treasury has placed sanctions on the address that received the stolen funds. The Lazarus Group, as per US officials, is controlled by the Reconnaissance General Bureau, which is North Korea’s primary intelligence bureau. It is also accused of being involved in the WannaCry ransomware attacks, hacking of international banks and customer accounts, as well as the 2014 cyberattacks on Sony Pictures Entertainment. Furthermore, the US is urging the United Nations Security Council to blacklist the Lazarus Group and freeze its assets.