Two major cryptocurrency hacks from different times and platforms seem to be linked by a common address. According to on-chain data examined by Look on Chain, a party that took advantage of Euler Finance’s protocol delivered 100 Ether worth more than $170,000 to a wallet linked to the Ronin network hack of Axie Infinity that was allegedly carried out by North Korean hackers known as Lazarus Group last year.
The connection raises concerns about the potential involvement of a highly developed and well-funded cybercriminal organization in both events, even though the reason for the communication and the sender and receiver’s identities are still unknown.
A flash loan attack earlier this month depleted the coffers of Euler Finance, a decentralized finance (DeFi) platform on the Polygon network, of roughly $200 million in various cryptocurrencies. Instead of taking use of a coding flaw, the attacker took advantage of the internal marketplaces of Euler’s liquidity pools to borrow a sizable number of assets and trade them for others at profitably discounted rates. Because DeFi platforms rely on intricate smart contracts and decentralised governance processes, the exploit significantly reduced the value of Euler’s token, EUL, and raised questions about its stability and security.
Axie Infinity, a popular blockchain-based game that features collectible creatures, experienced a similar but more traditional hack in July 2021, when the Ronin network was breached and more than $600,000 worth of the game’s native token, AXS, was stolen. The hack was attributed to Lazarus Group, a notorious hacking group associated with the North Korean regime that has been linked to multiple cyberattacks against financial institutions, cryptocurrency exchanges, and government agencies around the world. The U.S. Department of the Treasury designated Lazarus Group as a sanctioned entity in April 2022, citing its involvement in the Horizon Bridge theft of $100 million in cryptocurrencies.
The connection between the Euler Finance and Axie Infinity hacks may indicate that Lazarus Group or its associates are expanding their targets and tactics in the cryptocurrency space, as well as their methods of laundering and transferring stolen funds. Alternatively, the coincidence may be a false flag or a random occurrence that does not imply a causal or conspiratorial relationship. However, the fact that the sender of the recent Ether transaction used a smart contract to split the funds into smaller amounts and distribute them to multiple wallets, including one that was also involved in a previous exploit of another DeFi protocol, Mango Markets, suggests a deliberate effort to obfuscate the trail and avoid detection by law enforcement or cybersecurity analysts.
The case highlights the challenges and risks of investigating and prosecuting cybercrime in the decentralized and anonymous environment of cryptocurrency networks, as well as the need for stronger security measures and regulations to prevent and deter such attacks. The emergence of sophisticated and well-funded hacking groups like Lazarus Group also underscores the importance of collaboration and information-sharing among the cryptocurrency industry, law enforcement agencies, and other stakeholders to counter the growing threat of cybercrime.
