Axie Infinity is one of the most popular NFT-based crypto games, in which players purchase and trade Axies and earn money. Ronin is a sidechain built for Axie Infinity on Ethereum (ETH). By using the Ronin bridge, players can transfer assets from the Ethereum network to the Ronin network.
Over $425 million was transferred out of the hackers’ wallets in 16 days. Afterward, a price increase prompted a rush to cash out, resulting in a profit. On March 23, hackers stole $540 million in Ether (ETH) and USD Coin (USDC) from the popular NFT-based game Axie Infinity. According to the company blog post, the attackers used compromised private keys to validate transactions on the network, which allowed them to forge withdrawals. By the time the attack was made public, the crypto assets were worth $620 million.
Unlike fiat, stolen cryptocurrency cannot be cashed out with ease
The North Korean hackers not only pulled off a daring theft but also saw the loot’s value rise 15% while they sat on their hands. Since then, things have moved quickly, and these thieves may not wind up with anything as law enforcement officials begin to collaborate with gamers at all levels of the crypto ecosystem in order to intercept this theft.
It was dubbed the Ronin Bridge Exploit since it targeted the bridge connecting the Axie Infinity blockchain to the Ethereum blockchain. Recent bridge attacks have caused a major problem in the cryptosphere, with over $1 billion in cash stolen in the past year alone. Stealing cryptocurrency is different from stealing fiat currency. In contrast to the classic bank robber who can launder his riches to buy a 50-meter boat, crypto burglars face a brick wall when it comes to cashing out.
Hackers use decentralized smart contracts system to mix clean & dirty crypto
Each blockchain transaction can be traced back to a wallet address and can be searched publicly on sites like Etherscan. On April 14, the FBI identified the hackers behind the Ronin Bridge Exploit as North Korea’s Lazarus Group. Lazarus Group’s wallet address was added to OFAC’s Specially Designated Nationals list the same day.
According to a blog post by cryptocurrency compliance firm Elliptic, such sanctions prevent US citizens and businesses from transacting with this address, so that the state-sponsored group cannot cash out any further funds it continues to hold through US-based cryptocurrency exchanges. Scammers often use a mixer, a decentralized system (a collection of smart contracts) into which users send crypto, both dirty and clean, in order to cash out. Because dirty crypto is mixed with clean crypto, it is impossible to determine where an outgoing coin came from.