The U.S. Office of Foreign Assets Control has sanctioned Lazarus Group, the North Korean hacker accused by the U.S. Treasury Department of being behind the $625 million Ronin Bridge hack in March.
The Treasury Department announced on Thursday that the Ethereum address behind the attack, dubbed “Ronin Bridge Exploiter” by wallet profiler Nansen, had been added to the Specially Designated Nationals And Blocked Persons List (SDN).
Lazarus Group responsible for largest theft in DeFi history
After compromising the security of the Ethereum sidechain, Sky Mavis — the studio behind Axie Infinity — saw its Ronin bridge smart contract exploited for hundreds of millions of dollars in late March.
The Treasury Department added a new ETH address to the Lazarus group’s list of sanctions. The FBI linked this address to the Ronin bridge exploit that took place in late March, receiving 173,600 ETH and 25.5 million USDC as a result of the exploit. This is the same address that the founder of Sky Mavis identified as the attacker shortly after the attack.
In a recent update to its original community alert post, the studio acknowledged the connection and stated that it is working on additional security layers to protect its users.
Two major blockchain analytics organisations, Elliptic and Chainalysis, have confirmed that the address belongs to the North Korean organisation. Since the hack, both companies have been tracking stolen funds.
Sky Mavis working on reimbursements
Sky Mavis has stated that they will continue to cooperate with security firms and law enforcement agencies in the hopes of recovering the funds within the next two years. The studio previously stated that they would compensate all affected users by merging Sky Mavis and Axie balance sheet funds with a $150 million capital round lead by Binance and involving many crypto investment businesses.
Wrapped Ether (wETH) withdrawals and the convert wETH to ETH feature are still closed, according to the studio, although withdrawals for Axie Infinity Shards (AXS) and Smooth Love Potion (SLP) have been reopened.