US Adds Axie Infinity Hacker to North Korea Sanctions List

The hackers stole $624 million from the game’s Ronin Network bridge in one of the largest crypto hacks of all time.
U.S. Adds Axie Infinity Hacker to North Korea Sanctions List
Image: JAM STA ROSA / Contributor via Getty Images

The U.S. Treasury Department added an Ethereum address linked to the recent hack of a crypto platform affiliated with play-to-earn game Axie Infinity to the North Korean sanctions list on Thursday. 

On March 29, Sky Mavis, which operates Axie Infinity, announced that its Ronin Network "bridge" was hacked for $624 million in Ethereum and USDC tokens. The Vietnam-based company spun up the Ronin Network to make playing Axie Infinity cheaper for users, porting tokens from Ethereum to the Ronin blockchain, since the game runs on top of Ethereum where every action incurs costly "gas" fees. 

On Thursday, the Treasury added an Ethereum address marked as "Ronin Bridge Exploiter" on Etherscan to the North Korean sanctions list. That address currently holds nearly 148,000 ETH worth over $445 million USD, and transferred out 3,302.6 ETH (nearly $10 million) to another address which sent those funds through the Tornado Cash mixing service less than 24 hours ago.

"Today, the FBI attributed North Korea–based Lazarus Group to the Ronin Validator Security Breach," Sky Mavis said in an update to its blog post about the hack.

"We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk," the company added. "Expect the bridge to be deployed by end of month."

The hack was one of the largest thefts in crypto history, and spurred crypto firms and VCs to step in and help fill the financial void. It also raised questions about the security model underpinning the Ronin Network, which relied on a closed set of nine trusted validators; the hackers took over a majority of five validators to transfer funds. After the hack, Sky Mavis upped the validator set to 21. 

North Korea is suspected to be behind numerous cryptocurrency hacks, with the country bringing in $400 million with thefts in 2021, according to blockchain analysis firm Chainalysis. Lazarus Group is suspected to be behind many of the hacks, the firm has said.

This week, an Ethereum programmer who’s a U.S. citizen was sentenced to more than five years in prison for a 2019 trip to North Korea that saw them give a presentation allegedly advising North Koreans how to avoid sanctions with cryptocurrency.