According to blockchain analytics firm Elliptic’s analysis, the Lazarus Group has been active in the cryptocurrency space since at least 2017, targeting both cryptocurrency exchanges and DeFi bridges. The Ronin Bridge exploiter was previously identified by the US Treasury as belonging to the North Korean state hacking group. The Phishing Attempt The Lazarus Group sent a message from the Ethereum account used in the Ronin Bridge attack, directing the Euler Finance hacker to decrypt a message using a specific piece of software. On March 17th, Lookonchain, another blockchain analytics firm, reported that an address controlled by the Euler Finance exploiter responsible for last week’s attack transferred 100 ETH, worth over $170,000, to a wallet associated with the Ronin Bridge exploit conducted by the Lazarus Group.