Wallet addresses linked to the recent exploit of Euler Finance and last year’s breach of Axie Infinity’s Ronin Network have shown interactions, fueling suspicions that North Korean cybercriminals could potentially be involved in the latest assault on Euler.
Blockchain data shows that an address controlled by Euler Finance’s hacker has sent 100 Ether ($170,515) to a wallet associated with Ronin Bridge exploiter, which is believed to be the infamous North Korean hacker group Lazarus Group.
Euler Finance Exploiter transferred 100 $ETH to Ronin Bridge Exploiter(stole 173,600 $ETH and 25.5M $USDC).— Lookonchain (@lookonchain) March 17, 2023
Ronin Bridge Exploiter was listed by #OFAC as Lazarus Group – the North Korean state hacking group.
Are the two hackers the same person or was it intentional? pic.twitter.com/aPzOkSlXb6
As of now, it remains unclear if Lazarus Group is also behind the recent attack on Euler Finance, or whether there is some sort of affiliation between the hackers and the entity that exploited Euler Finance.
Earlier this week, Euler Finance fell victim to a flash loan attack resulting in around $200 million worth of digital assets being stolen from the project.
The losses occurred over six transactions in dai (DAI), wrapped Bitcoin (WBTC), staked Ether (sETH) and USDC, and were carried out by two attackers, crypto analytic firm Meta Seluth said at the time.
The company claimed that the attack is related to the deflation attack one month ago. The attacker used a multichain bridge to transfer the funds from the BNB Smart Chain (BSC) to Ethereum and launched the attack.
More recently, Euler Finance announced that they have launched a $1 million reward in “the hope that this provides additional incentive for information that leads to the Euler protocol attacker’s arrest and the return of all funds extracted by the attacker.”
North Korea Behind Axie Infinity Hack
The hack of Axie Infinity’s Ronin blockchain saw hackers make off with about $625 million worth of Ethereum and USDC after they managed to gain access to five of the nine private keys held by transaction validators for Ronin Network’s cross-chain bridge.
The US government has claimed that the North Korean hacking group Lazarus was responsible for the heist. The Treasury Department has also sanctioned an Ethereum address that it says received coins stolen in the Ronin Bridge hack.
In late 2022, a report said that hackers sponsored by the North Korean government have stolen over $1 billion worth of digital assets since 2017.
More than half of that tally, or about 800 billion won ($626 million), were stolen in 2022. Moreover, more than 100 billion won ($78 million) of the total came from South Korea.
Earlier this week, a South Korean government official claimed North Korea’s crypto hacking campaign may be impervious to international sanctions. They said:
“The scale of North Korea’s cybercrime-related activities suggests that the international community’s sanctions against North Korea are being rendered powerless.”
North Korea has repeatedly denied that it seeks to hack crypto and has refuted accusations surrounding the Lazarus group, which has previously been accused of masterminding the 2014 hack of Sony Pictures and the 2017 Wannacry ransomware attacks.