North Korean Hacker Group Reportedly Behind Axie Infinity's $600 Million Security Breach

thegamer.com:

Axie Infinity, an NFT game that recently suffered a $600 million security breach, was apparently targetted by a North Korean hacker organization. Lazarus Group, which has previously been linked to several high-profile cyberattacks, has been named by the FBI as the group behind the recent Axie Infinity hack, but is unable to reclaim stolen cryptocurrency.

Lazarus Group has had its crypto wallet sanctioned by US authorities following the attack, but retains much of what was taken. $440,350,353 worth of Ethereum sits in the wallet at the time of writing, and it has been left to the company that powers Axie Infinity, Ronin Network, to reimburse affected players.

Related: Axie Infinity Is A Classic Example Of What’s To Come For NFT Games

Axie Infinity, a creature collecting NFT game that many users play as a full-time job, had one of its blockchains hacked in March. This resulted in 173,600 Ethereum and 25.5M USDC being taken from Ronin Network, something that would hit its players - many of whom earn less than the minimum wage - particularly hard.

The vulnerability that allowed the attack to take place was actually a side effect of its success. Axie Infinity's developer had to ask Ronin to temporarily assist with approving transactions, because there were just too many of them. Ronin gave up the ability to verify purchases in December 2021, but one of its nodes still retained this ability. This is what the hackers used to get their own "purchases" approved, which can still be seen in their wallet.

Commenting on the latest move, Ronin says that it is "adding additional security measures" as a result of the attack. Reassuring players that "security comes first", it says that the updates should be implemented by the end of