US Treasury links North Korean hacker group Lazarus to $600M Axie Infinity heist

The notorious group was also behind the the destructive wiper attack on Sony Pictures Entertainment in 2014.
Written by Stephanie Condon, Senior Writer

The US Treasury Department on Thursday linked a notorious North Korean hacking group to a massive $600 million cyber breach last month. 

The connection was clear when the Treasury Department updated its sanctions listing for the hacking group, called Lazarus Group. The federal agency added a cryptocurrency address that was used to steal $600 million from the Ronin network, a blockchain network created by the Vietnamese game company Sky Mavis.  

The Ronin network powers the play-to-earn game Axie Finity. Sky Mavis created the network to get around Ethereum network congestion. 

Last month, the company revealed it had 173,600 in Ethereum (ETH) and 25.5 million USD coins drained from the Ronin network. At the time, the crypto assets were valued at over $600 million.

Sky Mavis on Thursday acknowledged the new Treasury Department listing. 

"We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by end of month," the company said. "We would like to extend a thank you to all law enforcement agencies who have supported us in this ongoing investigation."

To put the $600 million heist in context, hackers from North Korea stole nearly $400 million worth of cryptocurrency in 2021, according to blockchain analysis firm Chainalysis.

Lazarus is among the most prolific and sophisticated of the hacking groups with links to North Korea. The group was responsible for the destructive wiper attack on Sony Pictures Entertainment in 2014.

Editorial standards