US government connects North Korean hacking group with last month's $600 million Ronin exploit

The US government drew a connection between the North Korean hacking unit Lazarus Group and last month's exploit of the Axie Infinity's Ronin sidechain network.

The Treasury Department included the Ethereum address 0x098B716B8Aaf21512996dC57EB0615e2383E2f96 in a sanctions list update. The address had previously been flagged on EtherScan as "reported to be involved in a hack targeting the Ronin bridge."

Currently, the address holds 147,753.03 ETH, worth roughly $444 million at current market value.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

As reported at the time, the exploit resulted in the loss of 173,600 ETH and 25.5 million worth of the stablecoin USDC. One of the largest exploits of its kind to date, the event drove global headlines.

Sky Mavis, the creator of Axie Infinity, released details on the exploit in the days following the event, pledging to beef up its security approach, and later raised $150 million to repay the losses to hack victims.

Lazarus has been connected to other cyberattacks in the crypto industry in the past. In March 2020, the Treasury Department moved to sanction individuals believed to have helped launder crypto funds stolen by Lazarus group members.

This is a developing story.