Feds Link Axie Infinity's $625 Million Hack to North Korea's Lazarus Group

Conti gang claims credit for Nordex hack, Google ships emergency Chrome patches, Experts raise the alarm about Microsoft RPC vulnerability, Lawmakers launch probe into ID.me and more

Check out my latest CSO column, which focuses on the rare and dangerous malware that threatens ICS systems.

The Treasury Department included an Ethereum address in a sanctions list update that links the North Korean hacking unit Lazarus Group and last month's $625 million exploit of the Axie Infinity's Ronin sidechain network.

The address had previously been flagged on EtherScan as "reported to be involved in a hack targeting the Ronin bridge and currently holds 147,753.03 ETH, worth roughly $444 million at current market value. The FBI said in a statement that it had discovered the link to the Lazarus Group through its investigation. "Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th,” the FBI said. (Aaron Schaffer / Washington Post)

Related: The Block, The Verge, Wall Street Journal, Treasury.gov, FBI, Motherboard, The Daily Hodl, The Record, …