Topic: Ronin hack blamed on North Korean hackers by American government

legendary
Activity: 1932
Merit: 1273
Does anyone have any articles or other news that proves it is the North Korean hacking group Lazarus that has hacked Ronin or we only trust the sauces of the United States treasury department? I think that we should be very skeptical of this until they show how they concluded that the Lazarus group was really the hacker.
I tried to look around the sources that tied the hack to the alleged group, and I didn't see a single plausible reason that the hack can be attributed to the Lazarus group. After all, I don't even think that Chainalysis and the US entities would disclose the investigation; if they truly have proof and decided to disclose it, that will only let that group readdress their strategy for obfuscating the coins.

Are there sources proving without doubt that the Lazarus group are North Korean? How do we know?
That is also one of the things that are still vague. There hasn't been any strong proof that concludes the Lazarus group is from North Korea or backed by them. As far as I am concerned, the allegations were tied because of their past hacking activities, which barely suggest as:

According to researchers, that could mean several things:

    The attackers connected from that IP address in North Korea
    It was someone else’s carefully planned false flag operation
    Someone in North Korea accidentally visited the command and control URL

As we can see above, I think it isn't a fact that the group are indeed from North Korea. I don't follow that issue again, so I don't know if there are any new reports.
member
Activity: 233
Merit: 12
I still read about this news today as the FBI is now pointing to North Korean hackers for many crypto hacks that already happened and some that are already in play waiting for newbies to fall victim. The only way to prove this is by getting one hacker nailed and making such a confession. In this case it's going to be extremely hard because this is North Korea; no one leaves this country alive to make some confession about what the country is up to.
hero member
Activity: 1008
Merit: 520
So many hack cases in recent times have happened to the security architecture of most DeFi and NFT platforms lately because they're the most hit by hackers. Rather than blaming the origin of the hackers we should concentrate more on protecting our funds from hackers, and the only way is to stop playing the blame game and step up our security.
legendary
Activity: 2114
Merit: 1150
Of all the hacks and cyber attacks linked to Lazarus, had there been other proofs presented by the US Government agencies (Treasury Dept., FBI, CIA...)? AFAIK, it's just their words. The only other way I see to prove this is if the hackers confirm the accusations.

North Korean people have computers at all?
Of course they do. How else would they operate the equipment/machinery for their nuclear weapons and missiles without using high-end computers?

Someone hacked the funds and it's because of the security bug so why need to blame a country,
They are not blaming a country but a group of hackers that happened to be sponsored by the Government (according to them).
hero member
Activity: 2870
Merit: 594
We can only base this on speculation, as North Korean hackers have been blamed for most of the crypto hacks in the last 5 years or so. But we definitely don't have valid proof except coming from the US itself.

Definitely the North Koreans are not going to admit it as well. And even their secretive Lazarus group has been in the headlines even before crypto boom in 2017 if I'm not mistaken.

Nevertheless, we should take everything with a grain of salt.
sr. member
Activity: 2520
Merit: 280
North Korean people have computers at all? Someone hacked the funds and it's because of the security bug so why need to blame a country, no matter who hacked it should be punished. Also everything we see from the news is not supposed to be true or 100% accurate so let's wait until there is proof to claim who stole and laundered it.
legendary
Activity: 3010
Merit: 1460
Agreed, the smart contracts are immutable. I speculate that Tornadocash's statement is only for the purpose of protecting itself from the government. They make it appear that the sanctioned wallets are really blocked, however, everyone in the community knows this is impossible to do hehe.

These are just bureaucratic mechanisms, I understand. All these statements about blocking are made for accountability, nothing more. If it were possible to block tornado cash, it would have been done long ago and mixing of stolen ETH would have been prevented. But regulators understand that they are powerless against decentralized services, that's why we see these ridiculous statements.

Agreed again, this is nothing more than a frontend block by Tornadocash. Another development team can fork Tornadocash and allow all coins from all sources to be mixed and use all the same smart contracts as Tornadocash.

@Yogee. I am only skeptical if the Lazarus group is really from North Korea. Also do not trust everything you read in the news.
sr. member
Activity: 1554
Merit: 413
.... I think that we should be very skeptical of this until they show how they concluded that the Lazarus group was really the hacker.
Are you asking them to divulge their methodology in tracing those wallets? I doubt they will ever do that. I'm sure the hackers would also love to know how they were traced and then change their methods.

It is mentioned by Elliptic that the hackers used centralized exchanges before using tornadocash so that's probably part of the reason.
legendary
Activity: 2576
Merit: 1655
Yeah, I read the news as well. I think this is not the first time and definitely not the last thing we are going to hear from North Korea with regards to crypto hacking. I mean they have been doing this for years already and they even have their own group inside to work on this, state-sponsored attacks. So this is going to be a cat and mouse game; developers should know how to protect and should be wary of North Korea's Lazarus group.
full member
Activity: 2128
Merit: 180
Just like say.

Getting robbed because you did not close the door, and someone robbed you, then you are blaming the robber ~XD The important thing about this is not who hacked Ronin, but the security of Ronin itself needs to be questioned.

They should stop blaming someone, and fix the goddamned security ~LOL
Wonder why the US blames North Korea directly, while the Ronin team can’t figure this out.
This is a big mistake from the developer, they can’t secure the money and this is the price that they have to pay. I agree on everything here, they should focus on fixing the security; blaming another country can’t be a big help, their platform is slowly sinking.
staff
Activity: 2436
Merit: 2347
Agreed, the smart contracts are immutable. I speculate that Tornadocash's statement is only for the purpose of protecting itself from the government. They make it appear that the sanctioned wallets are really blocked, however, everyone in the community knows this is impossible to do hehe.

These are just bureaucratic mechanisms, I understand. All these statements about blocking are made for accountability, nothing more. If it were possible to block tornado cash, it would have been done long ago and mixing of stolen ETH would have been prevented. But regulators understand that they are powerless against decentralized services, that's why we see these ridiculous statements.
copper member
Activity: 2156
Merit: 983
Just like say.

Getting robbed because you did not close the door, and someone robbed you, then you are blaming the robber ~XD The important thing about this is not who hacked Ronin, but the security of Ronin itself needs to be questioned.

They should stop blaming someone, and fix the goddamned security ~LOL

hahah this is kinda true

North Korea always become of something tho. And I would agree with you that the Ronin team should fix the security and question every team they had because it can be an inside job too.
full member
Activity: 1190
Merit: 105
I also read this news recently, but it was also surprising because I only knew of North Korea as a country with a nuclear military and potential threats to those who want to control it. I know they are very poor with the embargoed economy, and they also get some food donations from the country I live in, but information like the Internet is not yet available in this country, which is also known. So many people verifying. It's strange that hackers come from here with such a big case.
legendary
Activity: 3010
Merit: 1460
Also, what can the treasury department do if those coins went to Tornado Cash for mixing?

I read the news today that Tornado Cash will be blocking sanctioned addresses. It was posted on their Twitter feed:

https://twitter.com/TornadoCash/status/1514904975037669386

Quote
Tornado Cash uses @chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp.
Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance.

Although the blocking is only provided at the frontend level of the application, the smart contract itself remains the same as before. So this blocking can be bypassed by simply using the smart contract directly.

So far, Tornado Cash has received about 27,000 ETH of the stolen 173,600 ETH

Agreed, the smart contracts are immutable. I speculate that Tornadocash's statement is only for the purpose of protecting itself from the government. They make it appear that the sanctioned wallets are really blocked, however, everyone in the community knows this is impossible to do hehe.

Also, what if the hackers transfer the coins to another address then send them to Tornadocash within 1 minute?

Does anyone have any articles or other news that proves it is the North Korean hacking group Lazarus that has hacked Ronin or we only trust the sauces of the United States treasury department? I think that we should be very skeptical of this until they show how they concluded that the Lazarus group was really the hacker.
I tried to look around the sources that tied the hack to the alleged group, and I didn't see a single plausible reason that the hack can be attributed to the Lazarus group. After all, I don't even think that Chainalysis and the US entities would disclose the investigation; if they truly have proof and decided to disclose it, that will only let that group readdress their strategy for obfuscating the coins.

Are there sources proving without doubt that the Lazarus group are North Korean? How do we know?
staff
Activity: 2436
Merit: 2347
Also, what can the treasury department do if those coins went to Tornado Cash for mixing?

I read the news today that Tornado Cash will be blocking sanctioned addresses. It was posted on their Twitter feed:

https://twitter.com/TornadoCash/status/1514904975037669386

Quote
Tornado Cash uses @chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp.
Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance.

Although the blocking is only provided at the frontend level of the application, the smart contract itself remains the same as before. So this blocking can be bypassed by simply using the smart contract directly.

So far, Tornado Cash has received about 27,000 ETH of the stolen 173,600 ETH
legendary
Activity: 1932
Merit: 1273
Does anyone have any articles or other news that proves it is the North Korean hacking group Lazarus that has hacked Ronin or we only trust the sauces of the United States treasury department? I think that we should be very skeptical of this until they show how they concluded that the Lazarus group was really the hacker.
I tried to look around the sources that tied the hack to the alleged group, and I didn't see a single plausible reason that the hack can be attributed to the Lazarus group. After all, I don't even think that Chainalysis and the US entities would disclose the investigation; if they truly have proof and decided to disclose it, that will only let that group readdress their strategy for obfuscating the coins.
legendary
Activity: 2660
Merit: 1261
Just like say.

Getting robbed because you did not close the door, and someone robbed you, then you are blaming the robber ~XD The important thing about this is not who hacked Ronin, but the security of Ronin itself needs to be questioned.

They should stop blaming someone, and fix the goddamned security ~LOL
hero member
Activity: 3038
Merit: 634
I've seen this news recently and was surprised that they've determined the hacker was from North Korea. I am of the same opinion as you that even the sauces are telling us that the culprit is from NK, still, we should take it with a grain of salt.

Maybe they're right and we're wrong or vice versa.

Whether they also determine who the hackers are, do they have the capacity to return the hacked funds? I don't think that they can.
legendary
Activity: 3010
Merit: 1460
Does anyone have any articles or other news that proves it is the North Korean hacking group Lazarus that has hacked Ronin or we only trust the sauces of the United States treasury department? I think that we should be very skeptical of this until they show how they concluded that the Lazarus group was really the hacker.

Also, what can the treasury department do if those coins went to Tornado Cash for mixing?

The U.S. Treasury Department alleged that North Korean hacking group Lazarus is tied to a more than $600 million theft of cryptocurrency from the Axie Infinity-linked Ronin bridge.
The Treasury Department added an Ethereum address to its sanctions list on Thursday. Wallet profiler Nansen had labeled the sanctioned address as a “Ronin Bridge Exploiter” when checked by CoinDesk Thursday. It held 148,000 ETH at publication time. CoinDesk independently confirmed that the wallet is tied to the Ronin exploit.

Crypto analytics firm Chainalysis tweeted that the address “was involved in the Ronin hack.” Tracing firm Elliptic estimated that 14% of the stolen funds had already been laundered by Thursday.

A Treasury Department spokesperson said the department had worked with the FBI to investigate the Lazarus Group and Advanced Persistent Threat 38 (another North Korean entity believed to use malicious programming to steal funds).

"Identification of the wallet will make clear to other VC actors, that by transacting with it, they risk exposure to US sanctions. This demonstrates Treasury’s commitment to use all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds," the spokesperson said. "There may be mandatory secondary sanctions requirements on persons who knowingly, directly or indirectly, engage in money laundering, the counterfeiting of goods or currency, bulk cash smuggling, or narcotics trafficking that supports the Government of North Korea or any senior official or person acting for or on behalf of that Government."


Read in full https://www.coindesk.com/policy/2022/04/14/us-officials-tie-north-korean-hacker-group-to-axies-ronin-exploit/