North Korea blames $600 million Axie Infinity theft

The Treasury Department has updated its sanctions list targeting Lazarus Group. The federal agency added a cryptocurrency address that was used to steal $600 million from the Ronin Network, a blockchain network created by Vietnamese gaming company Sky Mavis.

The Ronin network powers the game Axie Infinity, a pokemon clone that relies on the blockchain to allow its users to trade digital assets obtained in the game. Sky Mavis created this network to circumvent the congestion of the Ethereum network. Last month, the company disclosed that 173,600 Ethereum (ETH) tokens and $25.5 million were stolen from the network. At the time, the value of the stolen cryptoassets was valued at over $600 million at the time of the theft.

On Thursday, Sky Mavis acknowledged the Treasury Department’s new list.

A new high-flying crypto heist

To carry out his attack, the attacker took control of four validators operated by Sky Mavis and one operated by Axie DAO.

“The attacker found a backdoor through our gasless RPC node, which he abused to obtain the Axie DAO validator’s signature,” the Ronin Network explained.

“It dates back to November 2021, when Sky Mavis enlisted the help of Axie DAO to distribute free transactions due to immense user load. Axie DAO authorized Sky Mavis to sign various transactions on its behalf. was discontinued in December 2021, but access to the allowlist has not been revoked.”

In response, the Ronin bridge and Katana Dex exchange were shut down, the number of validators was increased to eight, and the security teams of major crypto exchanges were contacted.

“We are still adding additional security measures before redeploying the Ronin Bridge to mitigate future risks. Expect the bridge to be deployed by the end of the month,” the company added. “We would like to thank all of the law enforcement agencies that have supported us in this ongoing investigation.”

Hackers in North Korea stole nearly $400 million worth of cryptocurrency in 2021, according to blockchain analytics firm Chainalysis.

Lazarus is among the most prolific and sophisticated hacker groups with ties to North Korea. The group was responsible for the destructive attack on Sony Pictures Entertainment in 2014.