North Korean Hackers Responsible for Last Month’s Ronin Theft, FBI Confirms

Hacker collectives Lazarus Group and APT38 ar responsible for the theft, the FBI said

by Sebastian Sinclair /
article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • The Lazarus Group and APT38 have been named as those responsible for the theft
  • Exploiters used hacked private keys to forge withdrawals on March 23, Ronin said

The US Federal Bureau of Investigation has placed “cyber actors” from North Korea at the heart of last month’s $625 million hack on the Ethereum-linked sidechain Ronin Network.

Newsletter

Subscribe to Blockworks Daily

Through an investigation, the agency said it was able to “confirm” hacker collectives Lazarus Group and APT38 are responsible for the theft of hundreds of millions of dollars in crypto, a Thursday statement reads.

Exploiters, according to Ronin, used hacked private keys to forge withdrawals on March 23. The breach wasn’t discovered until several days later, when a user was unable to withdraw 5,000 ETH.

State-sponsored Lazarus has been accused of multiple digital asset-based hacks, including a year-long endeavor beginning in 2017 in which the group reportedly managed to siphon off $571 million.

The Treasury Department last week sanctioned the hacking collective and the Ethereum address allegedly behind the theft.

As part of its efforts to combat blockchain-related crime, the FBI established a new unit last month led by Eun Young Choi, a former senior counsel to the deputy attorney general.

The group, along with APT38, operates at the behest of the Democratic People’s Republic of Korea (DPRK) under dictator Kim Jong Un. The isolated northern nation on the Korean Peninsula is strangled by economic sanctions and threatened by military encirclement from Western allies over its continued use of nuclear arms.

Cryptocurrency is viewed by some experts as a means to circumvent capital controls and economic sanctions, as well as to hide the wealth of North Korea’s political elite. It has also been speculated it is one of several mechanisms that fund Kim’s heavily sanctioned regime.

“The FBI…will continue to expose and combat the DPRK’s use of illicit activities – including cybercrime and cryptocurrency theft,” the statement said.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Permissionless IV Hackathon

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

learn more

recent research

Research Report Templates (1).jpg

Research

Jupiter: Scale, Synergies, and Scrutiny

Jupiter has emerged as the undisputed liquidity backbone of Solana, commanding over 90% of spot DEX aggregation and 80% of perp trading volume. But behind the numbers lies a far more ambitious play: a cross-chain, vertically integrated super-app spanning swaps, synthetics, NFTs, memecoins, and launchpads. This report explores Jupiter’s rapid rise, the monetization upgrades reshaping its revenue profile, and the risks that could unwind its dominance, from token dilution to competition. With annualized revenues nearing $300M, the upside is undeniable, if it can navigate the turbulence.

by Marc-Thomas Arjoon, CFA

/

news

article-image

The DropWeb3

Immutable teases ‘multibillion dollar’ collab that could be its game with Ubisoft

Immutable has been building a game with Ubisoft that was slated to unveil in April. It may be a TCG.

by Kate Irwin /
article-image

0xResearch NewsletterDeFi

Yield Basis wants to be DeFi’s ‘Bitcoin black hole’

Curve founder Michael Egorov is working on a new protocol designed to eliminate impermanent loss, rethink token emissions, and capture BTC-native yield

by Macauley Peterson /
article-image

AnalysisSupply Shock

A year after the Bitcoin halving, how much does 1 BTC cost to mine?

Mining outfits have gone bust in the wake of prior halvings. Not so this time around.

by David Canellis&Pete Rizzo /
article-image

BusinessEmpire Newsletter

Memecoins are ‘objectively’ the most successful crypto product: Analyst

Zora’s announcement that its token is for “fun only” sparked a debate about the need for such tokens

by Katherine Ross /
article-image

Lightspeed NewsletterWeb3

Solana’s biggest DePIN is setting records

In recent weeks, Helium has hit new all-time highs while passing major protocol milestones

by Jeff Albus /
article-image

FinanceForward Guidance Newsletter

How a soon-to-launch crypto equity ETF looks to be different

Financial advisers in a January survey said equity ETFs were their top choice for gaining crypto exposure in 2025

by Ben Strack /