- Funds are partially mixed and some have been disguised as staking deposits on Avalanche P-Chain.
- Sky Mavis will cover the loss with a funding round and from its own reserves.
- Heist brought down AXS from above $75 down to $48.
The hacker behind the Ronin-ETH bridge exploit is none other but the notorious Lazarus group. The North Korean hackers are known for targeting big aggregations of crypto assets, usually on exchanges. The group quickly reoriented to decentralized hubs of value, of which bridge smart contracts have been the most vulnerable.
The heist was noted by the US Department of the Treasury with no further details except to connect the heist to the various names of the Lazarus group. But the discovery shows that P2E is a serious target, after hosting significant funds from decentralized activity. Previous bridge exploits were either much smaller or done by white hat hackers that returned the funds. But this time, the exploit also came with a plan to hide the origin of funds, completed despite the blacklisted address.
The Lazarus hacker groups has been tied to other hacks of decentralized protocols back in 2021.
The funds from the exploit were mixed through Tornado Cash and may be extremely difficult to impossible to trace. The other tool used by the hackers is even more sophisticated – some of the funds were bridged to the Avalanche P-Chain and apparently used for validation. The move was unearthed by PeckShield, a watcher of blockchain anomalous activity and heists.
The theft was a significant hit on the reputation of Ronin and the native RON asset. RON retreated to around $1.64, breaking down from its recent attempt to keep above $2 and move higher. RON itself was not affected, as the asset is fully on the other side of the bridge. The hacker’s last mixing attempt was 10 days ago, with no new registered movements of funds.
The exploit also hurt the positions of Axie Infinity Shards (AXS), which sank from a recent high above $75 to about $48. The Axie Infinity game continues with options for free-to-play, leaving Sky Mavis to cover the balance of the smart contract from its treasury and a recent fundraising round for $150M.