The United States said Thursday that North Korean hacking group Lazarus was responsible for the multimillion-dollar cryptocurrency heist targeting Axie Infinity, a game in which players can earn crypto through gameplay.
“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risks. [We] expect the bridge to be deployed by the end of the month,” it stated.
According to blockchain analytics group Chainalysis, Lazarus is led by North Korea’s primary intelligence agency, the Reconnaissance General Bureau. The hacking group first gained notoriety from its alleged involvement in the Sony Pictures and WannaCry cyberattacks.
It stated that the validator nodes for Sky Mavis—the operator of Ronin and Axie Infinity—and for Axie DAO (a decentralized autonomous organization) were compromised on March 23. The attack was discovered on March 29 after a user reported being unable to withdraw Ethereum funds from the bridge.
“In order to recognize a deposit event or a withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO,” Ronin said.
While the nine validator nodes are set up to be decentralized to limit such attacks, Ronin said the attacker “found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
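The five-of-nine rule and the signing path Ronin describes can be audited by counting how few independent parties must be compromised to reach quorum. The sketch below is an added example, not code from Ronin or Sky Mavis; the validator IDs, the four placeholder operators (the article does not name who ran the remaining validators), and the function names are assumptions.

```python
from itertools import combinations

THRESHOLD = 5  # from the article: five of nine validator signatures

# validator id -> operating party. Four Sky Mavis validators and one Axie DAO
# validator come from the article; the other four operators are placeholders.
OPERATOR = {
    "sky-mavis-1": "Sky Mavis", "sky-mavis-2": "Sky Mavis",
    "sky-mavis-3": "Sky Mavis", "sky-mavis-4": "Sky Mavis",
    "axie-dao-1": "Axie DAO",
    "other-1": "placeholder-operator-A", "other-2": "placeholder-operator-B",
    "other-3": "placeholder-operator-C", "other-4": "placeholder-operator-D",
}

# party -> validators it does not operate but whose signature its
# infrastructure can obtain. Models the gas-free RPC path in Ronin's statement.
DELEGATED = {"Sky Mavis": {"axie-dao-1"}}


def reach(party, operator, delegated):
    """Validators whose signatures become available if `party` is compromised."""
    own = {v for v, p in operator.items() if p == party}
    return own | delegated.get(party, set())


def min_parties_to_quorum(operator, delegated, threshold):
    """Smallest set of parties whose combined reach meets the threshold."""
    parties = sorted(set(operator.values()))
    for k in range(1, len(parties) + 1):
        for combo in combinations(parties, k):
            signed = set().union(*(reach(p, operator, delegated) for p in combo))
            if len(signed) >= threshold:
                return k, combo
    return None  # threshold cannot be reached at all


def audit(operator, delegated, threshold, required_independent_parties=2):
    """Return (ok, detail); ok is False when too few parties control quorum."""
    result = min_parties_to_quorum(operator, delegated, threshold)
    if result is None:
        return False, "quorum unreachable: threshold exceeds validator count"
    k, combo = result
    detail = f"{k} party(ies) can reach {threshold}-of-{len(operator)}: {combo}"
    return k >= required_independent_parties, detail


if __name__ == "__main__":
    print("with delegated signing path:", audit(OPERATOR, DELEGATED, THRESHOLD))
    print("delegation revoked:         ", audit(OPERATOR, {}, THRESHOLD))
```

With the delegated path in place, one party's infrastructure is enough to reach quorum; with it removed, the same validator set still needs only two parties, because one operator holds four of the nine keys.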
The Ronin bridge and Katana Dex, the Ronin decentralized exchange, have also been halted as a security measure as investigations continue.