Crypto exchange Binance has recovered a small fraction of the $622 million stolen from Sky Mavis’s Ethereum sidechain Ronin last month, according to a tweet by exchange CEO Changpeng “CZ” Zhao early this morning.
Sky Mavis is the developer team behind the popular play-to-earn crypto game Axie Infinity.
Zhao tweeted that the North Korean hacking group responsible for the theft had begun moving some of the loot onto the exchange, spread across “over 86 accounts,” and that “$5.8M has been recovered.”
The DPRK hacking group started to move their Axie Infinity stolen funds today. Part of it made to Binance, spread across over 86 accounts. $5.8M has been recovered. We done this many times for other projects in the past too. Stay #SAFU.
Just last week, following a tip from the FBI, the U.S. Treasury added the attacker’s Ethereum wallet to its sanctions list.
The wallet, named “Ronin Bridge Exploiter” on Etherscan, had been connected to North Korean hacking group Lazarus, an organization that the FBI describes as “state-sponsored.”
Lazarus is responsible for several major hacks, including the 2017 WannaCry ransomware attack, 2014’s Sony Pictures attack, and a series of cyber raids on pharmaceutical companies in 2020, including COVID-19 vaccine developer AstraZeneca.
Earlier this month, the Ronin attacker was spotted moving $7 million in crypto over to Tornado Cash, a tool that obfuscates crypto transactions by acting as an intermediary, breaking the on-chain link between the source of funds and their destination.
Axie Infinity Ronin bridge hack
On March 23, the attackers drained 173,600 Ethereum and 25.5 million USDC stablecoins from the bridge connecting Axie Infinity developer Sky Mavis’s custom Ronin sidechain to Ethereum.
The theft wasn’t discovered until March 29, however.
A week later, Binance led a $150 million funding round, including Animoca, the company behind popular crypto game The Sandbox, and tech venture capital firm a16z.
The purpose of the funding was to help reimburse victims of the attack and patch security vulnerabilities.
Sky Mavis described the hack as “socially engineered” at the time and said the cause of the security breach was a small validator set. The company is reportedly expanding the number of validators from five to twenty-one over the next three months with the new funding.
Last week, Sky Mavis launched a bug bounty program, offering various prizes, including a jackpot of $1,000,000, to benevolent hackers who can identify any “extraordinarily severe” vulnerabilities.