Crypto exchange Binance has recovered a small fraction of the $622 million stolen from Sky Mavis’s sidechain Ronin last month, according to a tweet by exchange CEO Changpeng “CZ” Zhao early this morning.
Sky Mavis is the developer team behind the popular play-to-earn crypto game Axie Infinity.
Zhao tweeted that the North Korean hacking group responsible for the theft began moving some of the loot to the exchange, spread across “over 86 accounts,” and that “$5.8M has been recovered.”
The DPRK hacking group started to move their Axie Infinity stolen funds today. Part of it made to Binance, spread across over 86 accounts. $5.8M has been recovered. We done this many times for other projects in the past too. Stay #SAFU.
— CZ 🔶 Binance (@cz_binance) April 22, 2022
Lazarus is responsible for several major hacks, including the 2017 WannaCry ransomware attack, 2014’s Sony Pictures attack, and a series of cyber raids on pharmaceutical companies in 2020, including COVID-19 vaccine developer AstraZeneca.
Earlier this month, the Ronin attacker was spotted moving $7 million in crypto over to Tornado Cash, a tool that obfuscates crypto transactions by acting as an intermediary, breaking the on-chain link between the source of funds and their destination.
Axie Infinity Ronin bridge hack
On March 23, the attackers drained 173,600 Ethereum and 25.5 million USDC stablecoins from the bridge connecting Axie Infinity developer Sky Mavis’s custom Ronin sidechain to Ethereum.
The theft wasn’t discovered until March 29, however.
The purpose of the funding was to help reimburse victims of the attack and patch security vulnerabilities.
Sky Mavis described the hack as "socially engineered" at the time and said the cause of the security breach was a small validator set. The company is reportedly expanding the number of validators from five to twenty-one over the next three months with the new funding.
Last week, Sky Mavis launched a bug bounty program, offering various prizes, including a jackpot of $1,000,000, to benevolent hackers who can identify any “extraordinarily severe” vulnerabilities.