The attack on the Axie DAO and Sky Mavis Ronin Bridge, which was perpetrated on March 23rd, has been tied to the North Korean hacker group known as the Lazarus Group. The United States Treasury Department announced on Thursday the addition of a suspected Ethereum (ETH) wallet to its Office of Foreign Assets Control SDN list, and the wallet turned out to belong to the Lazarus cybercrime group.
Following its investigations, the analytics firm Chainalysis took to its Twitter page to declare that the discovered address was involved in the Ronin network bridge attack. Although the Ether wallet currently holds only 148,000 ETH, it is suspected that one-seventh of the stolen funds has already been spent.
The hack was discovered one week after it occurred. Its discovery was only possible after a user reported an inability to withdraw about 5,000 ether from the wallet. The total crypto stolen was recorded to be $625 million, which is the sum of 173,600 ETH and 25.5 million USDC.
The route of entry for the scammers was through a backdoor loophole created in a previous transaction between Sky Mavis and Axie DAO. Five out of the nine Ronin bridge validators needed for the approval of withdrawal were also infiltrated.
Heightened Security Measures Introduced to Curb Future Attacks
Since the attack, security measures have been introduced to safeguard the network. The number of validators approving a withdrawal has been increased to 21. Meanwhile, there has been a hold on operations on the bridge, as additional security measures are being considered. Also, Sky Mavis has raised $150 million to reimburse affected wallets.
The United States Treasury Department has involved the FBI in its investigation, and so far the Lazarus Group has come under strong suspicion. The Treasury is also keeping a close watch on another North Korean group suspected to be involved in cyber theft.
As part of the preventive measures against future cyber attacks, the security watchdog has advised that anti-money laundering schemes are key measures for any financial entity to put in place. Any individual or organization caught violating any of the schemes and regulations set in place as standards, knowingly or otherwise, will be penalized and sanctioned.