Ronin Crypto Heist of $618m Traced to North Korea

The largest single theft of cryptocurrency ever recorded has been traced back to North Korean threat actors.

The attack on Ronin Network took place in late March, resulting in the theft of 173,600 Ethereum ($592m) and $25.5m in two transactions.

Ronin was created by Vietnamese blockchain game developer Sky Mavis to function as an Ethereum sidechain for its Axie Infinity game – effectively allowing players to transfer cryptocurrency in and out of the game.

However, a US Treasury Department sanctions update late last week linked the crypto wallet address used to receive the stolen funds to Pyongyang’s prolific Lazarus Group.

The designation on the Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons (SDN) List could now make it harder for North Korea to launder the funds, as it promises secondary sanctions for any entities doing business with the hermit nation.

Ronin confirmed the Treasury’s move in an updated blog post last week.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by end of month. Security comes first. The timeline is subject to change based on the implementation time of several security measures,” it continued.

“We would like to extend a thank you to all law enforcement agencies who have supported us in this ongoing investigation. We expect to deliver a full post mortem that will detail security measures put in place and next steps by the end of the month.”

It was reported earlier this month that Sky Mavis had led a $150m funding round designed to help it fulfil a promise to reimburse all customers affected by the incident.

The massive theft was even greater than the raid on Poly Network, which netted attackers $610m in August last year.

North Korean state-backed attackers are often focused on acquiring funds to prop up the heavily sanctioned Kim Jong-un regime and support its missile program. They are thought to have stolen $400m in cryptocurrency in 2021, making the Ronin haul all the more significant.
