Crypto exchange Binance has recovered a small fraction of the $622 million stolen from Sky Mavis’s Ethereum sidechain Ronin last month, according to a tweet by exchange CEO Changpeng “CZ'' Zhao early this morning.

Sky Mavis is the developer team behind the popular play-to-earn crypto game Axie Infinity

Zhao tweeted that the North Korean hacking group responsible for the theft began channeling some of the loot on the exchange across “over 86 accounts” and that “$5.8M has been recovered.”

Just last week, following a tip from the FBI, the U.S. Treasury added the attacker’s Ethereum wallet to its sanctions list

The wallet, named “Ronin Bridge Exploiter” on Etherscan, had been connected to North Korea hacking group Lazarus, an organization that the FBI describes as “state-sponsored.”

Lazarus is responsible for several major hacks, including the 2017 WannaCry ransomware attack, 2014’s Sony Pictures attack, and a series of cyber raids on pharmaceutical companies in 2020, including COVID-19 vaccine developers AstraZeneca

Earlier this month, the Ronin attacker was spotted moving $7 million in crypto over to Tornado Cash, a tool that obfuscates crypto transactions by acting as an intermediary, breaking the on-chain link between the source of funds and their destination.

Axie Infinity Ronin bridge hack

On March 23, the attackers drained 173,600 Ethereum and 25.5 million USDC stablecoins from the bridge connecting Axie Infinity developer Sky Mavis’s custom Ronin sidechain to Ethereum. 

The theft wasn’t discovered until March 29, however.

Ethereum
ETH
-7.05%$1,775.22
24H7D1M1YMAX
Created with Highcharts 10.3.3Mar 30Apr 1Apr 3Apr 5Apr 7Apr 9Apr 11Apr 13Apr 15Apr 17Apr 19Apr 21Apr 23Apr 25Apr 27$1300$1400$1500$1600$1700$1800$1900$2000
Price data by
ETH price

A week later, Binance led a $150 million funding round, including Animoca, the company behind popular crypto game The Sandbox, and tech venture capital firm a16z. 

The purpose of the funding was to help reimburse victims of the attack and patch security vulnerabilities. 

Sky Mavis described the hack as "socially engineered" at the time and said the cause of the security breach was a small validator set. The company is reportedly expanding the number of validators from five to twenty-one over the next three months with the new funding. 

Last week, Sky Mavis launched a bug bounty program, offering various prizes, including a jackpot of $1,000,000, to benevolent hackers who can identify any “extraordinarily severe” vulnerabilities.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.