PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

US Links Largest Cryptocurrency Heist to North Korean Hackers

The US Treasury Department sanctions the digital wallet the hackers used to loot funds from Ronin Network last month.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

The US apparently suspects North Korean hackers were involved in last month’s $622 million cryptocurrency heist at Ronin Network. 

On Thursday, the US Treasury Department placed sanctions on the digital wallet the hackers used to loot the funds from Ronin Network. In doing so, the federal agency also tied the digital wallet to a notorious hacking group called Lazarus, which the US believes works for the North Korean government. 

In addition, the Ronin Network claims the FBI has attributed the cryptocurrency heist to the Lazarus group. The FBI didn’t immediately respond to a request for comment, but the Ronin Network says it's been working with law enforcement agencies to retrieve the stolen funds. 

Lazarus is perhaps best known for infiltrating Sony Pictures back in 2014. However, in recent years, the group has focused on stealing cryptocurrencies, possibly in an effort to help fund the North Korean government. The blockchain tracking firm Chainalysis estimates North Korean hackers stole at least $400 million in cryptocurrencies last year.

Ronin Network is the blockchain provider for the game Axie Infinity, which is popular in Asia. Late last month, the network lost 173,600 tokens in Ethereum after the hackers hijacked access to five “validator node” computers, which are used to authorize transactions. 

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

Most of the stolen Ethereum tokens remain inside the sanctioned digital wallet. However, the hackers appear to be laundering some of the stolen cryptocurrency through a service called Tornado Cash. The sanctions from the US Treasury can impose both civil and criminal penalties on anyone who facilitates transactions to the Lazarus group. However, one of the founders of Tornado Cash claims it's “technically impossible" for sanctions to be enforced against its decentralized protocols, according to Bloomberg.

UPDATE: The FBI confirmed to PCMag it suspects North Korean hackers were behind the heist at Ronin Network.

"Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK (Democratic People's Republic of Korea), are responsible for the theft of $620 million in Ethereum reported on March 29th," the FBI said in a statement.  

"The FBI, in coordination with Treasury and other US Government partners, will continue to expose and combat the DPRK’s use of illicit activities —including cybercrime and cryptocurrency theft— to generate revenue for the regime," the agency added.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio