North Korean ‘Lazarus Group’ reportedly behind Ronin Bridge hack 

Temitope Akintade
*An ETH address implicated in the Ronin Hack has been attributed to the Lazarus Group, a cybercrime group affiliated with North Korea

Two weeks ago, we reported the Ronin Bridge Hack that resulted in the theft of more than $615 million in cryptocurrency. Now, a North Korean hacking group called ‘Lazarus’ has been linked with the crypto industry’s largest-ever hack, according to blockchain analytics firm, Chainalysis.

Since the incident in late March, the Ronin team has been working closely with both the US Government and Chainalysis to identify the culprits.

Chainalysis noted yesterday in a Twitter thread that the United States Department of Treasury’s Office of Foreign Assets Control updated its Specially Designated Nationals and Blocked Persons’ List with an Ethereum address attributed to the Lazarus Group.

The implicated address – 0x098B716B8Aaf21512996dC57EB0615e2383E2f96- is known to have been connected to the hack. The aforementioned address received 173,600 ETH and 25.5 million USDC tokens. At press time, the address holds $445 million worth of Ether. 

That address was involved in the Ronin hack, having received 173,600 ETH and 25.5 million USDC from the Ronin Bridge smart contract during the attack.

Chainalysis reported

This confirms that the group was behind the Ronin Bridge hack on March 23.

In early January, Chainalysis reported that North Korean hackers had stolen $400 million in crypto last year, with Ethereum accounting for the majority of the sum. Lazarus Group, which has been tied to North Korea’s primary intelligence bureau, was responsible for most of the attacks.

According to Bloomberg, the Kim Jong Un regime uses its stolen crypto to maintain its nuclear and ballistic missile programs.


Apart from crypto companies, Lazarus Group has also attacked film studio Sony Pictures in 2014, the central bank of Bangladesh, and pharmaceutical companies. It was also behind the WannaCry cyberattack that affected roughly 200,000 computers around the world.     

Chainalysis emphasised the need to understand how North Korean actors utilise crypto for illicit purposes. The blockchain security company further warned of a need for improved security on decentralised finance protocols. The firm concluded by writing that it had updated all of its products to include the Lazarus Group’s ETH address in its Sanctions category.

Earlier in April, approximately a week after the historic attack, Sky Mavis, the developer behind Axie Infinity, raised $150 million in a round led by Binance to reimburse some of those who lost money in the hack.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!