US Officials Tie North Korea’s ‘Lazarus’ Hackers to $625M Crypto Theft

The U.S. Treasury Department alleged that North Korean hacking group Lazarus is tied to a more than $600 million theft of cryptocurrency from the Axie Infinity-linked Ronin bridge.

The Treasury Department added an Ethereum address to its sanctions list on Thursday. Wallet profiler Nansen had labeled the sanctioned address as a “Ronin Bridge Exploiter” when checked by CoinDesk Thursday. It held 148,000 ETH at publication time. CoinDesk independently confirmed that the wallet is tied to the Ronin exploit.

Crypto analytics firm Chainalysis tweeted that the address “was involved in the Ronin hack.” Tracing firm Elliptic estimated that 14% of the stolen funds had already been laundered by Thursday.

Ronin Network said in a blog post that the FBI had linked Lazarus with the validator breach and that the Treasury Department sanctioned the funds.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” the blog said, targeting deployment before month’s end and promising a full post-mortem at a later date.

Ronin – a sidechain that is connected to the main Ethereum blockchain but allows the developers behind play-to-earn game Axie Infinity, Sky Mavis, to support faster and cheaper transactions – was hacked last month, losing 173,600 ETH and 25.5 million USDC, worth $625 million at the time. It ranks among the largest exploits in crypto history.