Ronin Network Hack: The United States OFAC Traces Stolen Funds to North Korea

The United States‘ Office of Foreign Asset Control (OFAC) on Friday tracked the stolen cryptocurrencies from the Ronin Network to an address on by the North Korea-backed hackers Lazarus group.

The agency on Thursday disclosed that it had sanctioned the account, adding the group to the SDN list. The threat actors, also known as APT-C-26, have been on other watchlists due to its previous campaigns.

The United States Will Block Every Transaction

With the advanced persistent threat group placed on the SDN list, transactions from or into the said address will be blocked and assets with the United States frozen. It may be too early to conclude that the funds will be reversed as OFAC have made no such guarantees.

The agency stated that investigations are ongoing and further information will be released to the public.

On March 29, it was confirmed that Ronin Network was hacked and a sum of $625 million was stolen. It was reported that the attackers exploited Sky Davies (the gaming company behind Axie Infinity) and Axie DAO (the official validator representing the Axie community) private keys to gain access into the network and access the funds.

Lazarus Group Recent Campaigns

It was also reported that Lazarus, orchestrating an espionage campaign to target organizations within the chemical sector. In a blog post shared by the Symantec Threat Hunter Team, the APT were said to have continued a malicious campaign referred to as Operation Dream Job

The campaign was first discovered in August 2020, when attackers emailed attractive fake job offers to employees to trick them into opening malware attachments or clicking on links through to malware-hosting websites.

The attack mainly targeted organizations in the chemical sector, it also targeted a number of companies in the IT sector as well as individuals across the defense, government, and engineering sectors. It is yet to be known if the attack was successful as there were no further reports.