Amid Sky Mavis beginning to roll out various relief programs off the back of its $600+ million Ronin Bridge breach, news regarding the culprits behind the attack has now come to light. Those in ownership of the uncovered information is The U.S. Treasury Department, who, after communications with the FBI, are alleging that North Korean hacking group ‘Lazarus’ are the guilty party.
The news began coming to surface when The Treasury Department added an Ethereum wallet to its sanctions list on Thursday 14th April, with blockchain analytics platform Nansen labeling the address as ‘Ronin Bridge Exploiter’.
Since the sanctioning, crypto analytics platform Chainalysis have backed up the news to be true, whilst tracing firm Elliptic have estimated that of the stolen 173,600 ETH and $25.5 million, 14% of it has already been laundered (which may explain why the address in question only held 148,000 ETH at the time of sanctioning).
An announcement from The Treasury Department added: “Identification of the wallet will make clear to other VC actors, that by transacting with it, they risk exposure to US sanctions. This demonstrates Treasury’s commitment to use all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds”.
Although this the first time in which the Treasury has blacklisted an alleged Lazarus-held crypto wallet, it is known that the group, as well as ‘Advance Persistent Threat 38’ (another North Korean hacking firm), have been on the FBI’s watch list for a while.