The report released by OFAC and the addresses it lists coincide with information presented by other investigative entities, which directly connect the North Korean group Lazarus to the attack that extracted funds from the Ronin network.

The Office of Foreign Assets Control (OFAC), an entity linked to the US Department of the Treasury, identified four crypto addresses allegedly linked to the hack of the Ronin network. The hack harmed the well-known blockchain ecosystem associated with the popular P2E game Axie Infinity, which lost about $600 million in crypto assets.

OFAC Flags Addresses Linked to the Ronin Network Attack

According to OFAC, the addresses are connected to this attack on the Ronin network. One of them, however, had already been revealed by the regulatory entity in a previous report.

According to the report, officials link the accounts to the Lazarus hacker group, which has strong connections with the North Korean administration. It also has links with other high-profile attacks against reputable businesses and organizations in the US and other countries.

The Attack on the Ronin Network

As many may already know, the Ronin network fell victim to a hack at the end of March, resulting in losses of more than USD 625 million after the attackers extracted 173,600 ETH and some 25.5 million USDC tokens.

According to the report published by the developers, the attack affected the Ronin Network validator nodes for Sky Mavis and the Axie Decentralized Autonomous Organization (DAO). The hacker behind the attack used the hacked private keys to forge withdrawals, extracting funds from the Ronin bridge in two subsequent transactions.

The exploit took place on March 23 but was discovered only after a user ran into problems when he unsuccessfully tried to withdraw 5,000 ETH.

Regarding the investigation, the CEO of Binance, Changpeng “CZ” Zhao, highlighted that his team recovered USD 5.8 million connected with the hack of the Ronin network.

Sky Mavis’ Ronin chain relies on at least nine validator nodes. Five of the nine validator signatures are required to recognize a deposit or a withdrawal. The criminals gained control of Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO.

The validator key scheme was built to be decentralized in order to limit this kind of attack vector. Still, the attacker found a weak point in a gas-free RPC node, which they abused to obtain the signature for the Axie DAO validator.

Sky Mavis had asked the Axie DAO for assistance in distributing free transactions during a massive user load. The Axie DAO permitted Sky Mavis to sign some transactions. This arrangement ceased in December 2021, but the access was not removed from the system.

Once the criminals gained access to the Sky Mavis network, they obtained the signature from the Axie DAO validator through the gas-free RPC.
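The key concentration described above can be checked mechanically. The following is an added example, not code from Sky Mavis or from the original article: it computes how few parties must be compromised to collect five signatures when leftover signing access counts as control. The "operator-X" names, the field names and the helper functions are assumptions made for illustration.

```python
from itertools import combinations

THRESHOLD = 5  # signatures required to approve a deposit or withdrawal (per the article)

def build_validators(axie_dao_delegates):
    """Constructed nine-validator set; the four 'operator-X' names are placeholders."""
    vals = [{"id": f"sky-mavis-{i}", "operator": "Sky Mavis", "delegates": set()}
            for i in range(1, 5)]
    # 'delegates' = other parties whose systems can still request this validator's signature
    vals.append({"id": "axie-dao", "operator": "Axie DAO",
                 "delegates": set(axie_dao_delegates)})
    vals += [{"id": f"validator-{c}", "operator": f"operator-{c}", "delegates": set()}
             for c in "ABCD"]
    return vals

def reachable_signatures(validators, compromised):
    """IDs of validators whose signature the compromised parties can obtain."""
    return {v["id"] for v in validators
            if v["operator"] in compromised or v["delegates"] & compromised}

def min_parties_for_threshold(validators, threshold=THRESHOLD):
    """Smallest set of parties whose compromise yields >= threshold signatures."""
    parties = sorted({v["operator"] for v in validators}
                     | {d for v in validators for d in v["delegates"]})
    for size in range(1, len(parties) + 1):
        for combo in combinations(parties, size):
            if len(reachable_signatures(validators, set(combo))) >= threshold:
                return set(combo)
    return None  # threshold unreachable even if every party is compromised

def stale_delegations(validators, active_agreements):
    """Delegations still configured although no (validator id, party) agreement is active."""
    return sorted((v["id"], d) for v in validators for d in v["delegates"]
                  if (v["id"], d) not in active_agreements)

if __name__ == "__main__":
    for label, delegates in (("access left in place", {"Sky Mavis"}), ("access revoked", set())):
        vals = build_validators(delegates)
        print(label, "->", min_parties_for_threshold(vals), stale_delegations(vals, set()))
```

With the leftover access in place, a single party reaches the five-signature threshold; once it is revoked, at least two independent parties are needed.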

By: Jenson Nuñez
