Apr 27, 2022 Camille A. Hanard
According to the U.S. Treasury Department, the North Korean cyber-criminal group Lazarus is connected to last month’s $622 million heist from the Ronin Bridge.
Yesterday, the United States Treasury Department added an Ethereum address to the sanctions list, on the assumption that it is connected to North Korea's Lazarus Group. This wallet happens to be the same address used in last month’s Ronin Bridge hack.
This information has also been confirmed by Ronin in a blog post claiming that the FBI had linked the North Korea-based Lazarus group to Ronin’s validator security breach and that the Treasury Department sanctioned the address that received the stolen funds. “We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” the blog post said.
Blockchain analytics firms Chainalysis and Elliptic have also confirmed that the sanctioned wallet address is the same one used in the Ronin exploit. According to Elliptic’s blog post, the methods used by Lazarus have signature patterns, which were replicated in the Ronin exploit.
Lazarus is a cybercrime group also known as Guardians of Peace, made up of an unknown number of individuals and labeled by the United States Federal Bureau of Investigation as a North Korean "state-sponsored hacking organization". The group was responsible for the attack on Sony Pictures Entertainment in 2014, which resulted in unauthorized access to previously unreleased films, emails, and the personal information of around 4,000 employees.