Less than two days after a well-known crypto developer was sentenced to more than five years in prison for teaching North Korean crypto conference attendees how to avoid sanctions, the U.S. government revealed that the rogue nation was behind a $625 million hack on a popular decentralized finance (DeFi) project.
Ronin Network was a cross-chain payments bridge protocol that allowed users of the top blockchain-based NFT game Axie Infinity to swap their crypto for one needed for the game — and later reclaim it. This let them avoid exchange transaction fees by locking collateral into the bridge.
Projects like the Ronin Network have been hit hard this year, with nearly all of the $1.3 billion stolen by hackers in the first quarter of 2022 alone having come from DeFi, according to blockchain intelligence firm Chainalysis.
On Thursday (April 14) the Treasury’s Office of Foreign Assets Control (OFAC) added the address of the Ethereum wallet the Ronin Network thieves used to store their stolen crypto to a list of those owned by the infamous North Korean Lazarus Group, leading blockchain analytics firm Elliptic said in a blog post. Its thefts are thought to fund the North Korean nuclear weapons program.
Earlier, the Lazarus Group made off with 173,600 of the No. 2 cryptocurrency on March 23 — a theft that wasn’t even discovered until six days later. As of Thursday afternoon, the account still held nearly 148,000 ETH, worth $443 million. Another $25.5 million in USDC stablecoins were also looted.
North Korean Obsession
The vast majority of the funds stolen from thousands upon thousands of Ronin users in the latest hacking were Ethereum’s ether — the token Virgil Griffith spent years helping develop before he violated the International Emergency Economic Powers Act by traveling to North Korea and flouting sanctions against the rogue state.
At his April 12 sentencing hearing in New York, the former Ethereum Foundation developer told the judge, “I have been cured of my stubborn arrogance, and my obsession with North Korea.”
That did not hold much weight with the judge, especially in light of the newfound attention to sanctions following Russia’s invasion of Ukraine.
Noting that Griffith wrote “No sanctions yay” and a smiley face on a whiteboard during his speech at the Pyongyang conference, Federal Judge P. Kevin Castel of the Southern District of New York called Griffith’s actions “intentional violation of sanctions, which are intended to avoid military conflict.”
Judge Castel then sentenced Griffith to 63 months in prison.
It’s hard to imagine that knowing the $218 million Lazarus Group has so far managed to move for sale went to fund nuclear weapons research would have helped Griffith’s case.
A personnel problem
There have been a series of scandals over the years related to crypto’s rather minimal HR standards. While Ethereum founder Vitalik Buterin wrote a letter of support during the presentencing process, he noted on Twitter that while the Ethereum Foundation had no part in Griffith’s trip, it was one “many counseled against.”
The Foundation “initially indulged” Griffith, prosecutors alleged in filings. And he did not leave his post until his legal troubles became clear.
It’s a broader problem, The New York Times said on March 2, noting that the industry has what amounts to an anonymity problem in which “investors give money to pseudonymous developers. Venture capitalists back founders without learning their real names.”
Among others, it cited the case of the Wonderland DeFi project, which raised hundreds of millions of dollars and crashed when the in-development project’s treasury manager — known only as 0xSifu — turned out to be Michael Patryn, who had been imprisoned for fraud in the past, the Times reported.
Really, the problem is that the willingness to work with anonymous or at least pseudonymous developers and founders is a problem baked into crypto’s bones: After all, no one knows the real identity of Satoshi Nakamoto, who created crypto and blockchain with his Bitcoin Whitepaper.
Also read: PYMNTS Crypto Basics Series: Is Bitcoin Really Anonymous and How Can Law Enforcement Track It?