- Chainalysis investigated Lazarus Group’s attack on Ronin Network.
- The hacker group stole over $600 million worth of Axie from Ronin Network.
- Ronin Network is the sidechain built for the P2E game Axie Infinity.
Following the attack on Ronin Network in March 2022, Erin Plante, senior director of Investigations at Chainalysis, laid out the roadmap of the firm's successful investigation into the hack. Ronin is the sidechain network for the Axie Infinity NFT gaming platform, and Plante briefed the gaming team on the steps taken in the inquiry.
In detail, the North Korean Lazarus Group stole over $600 million worth of USDC and ETH from the Ronin Network. The team behind the network tweeted that $30 million worth of the stolen funds has been recovered; according to Ronin, the stolen funds are currently worth $250 million in total, so the recovered amount is 12% of that total.
Taking a closer look at the investigation, the Chainalysis Crypto Incident Response team used “advanced tracing techniques” to follow the stolen funds to cash-out points. The team also cooperated with law enforcement and industry players to quickly freeze funds.
The attack began when the Lazarus Group gained access to five of the nine private keys held by transaction validators for Ronin Network’s cross-chain bridge.
Notably, the hackers used the private keys to approve two transactions: withdrawals of 173,600 ether (ETH) and 25.5 million USD Coin (USDC). Tracing the funds through the subsequent laundering process, Chainalysis found that the hackers had moved them through over 12,000 different crypto addresses.
Chainalysis also shared an image showing the five stages typically used by DeFi money launderers.
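To illustrate the kind of forward tracing described above, here is an added example (not Chainalysis's tooling or Ronin's code) that walks a small, constructed transfer graph from an exploiter address, stops at assumed service deposit addresses (where freeze requests can be made) and at assumed mixer entry points (where on-chain linkage is lost), and totals how much value reached each category. All addresses, labels and amounts are made up for the example.

```python
from collections import deque, defaultdict

# Constructed sample transfers (src, dst, amount in ETH); not real Ronin data.
TRANSFERS = [
    ("exploiter", "hop1", 100.0),
    ("exploiter", "hop2", 73.6),
    ("hop1", "hop3", 60.0),
    ("hop1", "exchangeA_deposit", 40.0),
    ("hop2", "mixer_in", 73.6),
    ("hop3", "hop4", 60.0),
    ("hop4", "exchangeB_deposit", 59.5),
    ("unrelated", "hop3", 5.0),   # inflow from an unrelated party; never traced
]

# Assumed labels: where the trace stops and why.
STOP_POINTS = {
    "exchangeA_deposit": "exchange",   # operator can be asked to freeze
    "exchangeB_deposit": "exchange",
    "mixer_in": "mixer",               # direct on-chain linkage ends here
}

def build_graph(transfers):
    """Adjacency list: src -> [(dst, amount), ...]."""
    graph = defaultdict(list)
    for src, dst, amt in transfers:
        graph[src].append((dst, amt))
    return graph

def trace(transfers, origin, stop_points):
    """Breadth-first forward walk from origin. Returns (addresses touched,
    {stop address: total amount arriving there along traced paths})."""
    graph = build_graph(transfers)
    seen = {origin}
    arrived = defaultdict(float)
    queue = deque([origin])
    while queue:
        addr = queue.popleft()
        for nxt, amt in graph.get(addr, []):
            is_new = nxt not in seen
            seen.add(nxt)
            if nxt in stop_points:
                arrived[nxt] += amt   # record, but do not walk past a stop point
            elif is_new:
                queue.append(nxt)
    return seen, dict(arrived)

def summarize(arrived, stop_points):
    """Totals per category, e.g. how much reached freezable exchange deposits."""
    totals = defaultdict(float)
    for addr, amt in arrived.items():
        totals[stop_points[addr]] += amt
    return dict(totals)

if __name__ == "__main__":
    touched, arrived = trace(TRANSFERS, "exploiter", STOP_POINTS)
    print(len(touched), "addresses touched;", summarize(arrived, STOP_POINTS))
```

The mixer total is what the investigator cannot follow by simple graph walking, which is why the article stresses cooperation with exchanges to freeze funds at the cash-out end.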
— Chainalysis (@chainalysis) September 8, 2022
Importantly, the analytics firm noted that Lazarus Group has shifted from the popular Ethereum mixer to DeFi services in order to chain hop, that is, switch between different kinds of cryptocurrency in a single transaction. As the team reported, this happened after the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned “Tornado Cash for its role in laundering over $455 million worth of crypto stolen from Axie Infinity.”