The US Just Tied This Massive Crypto Theft To North Korean Hackers

Popular crypto-centric game Axie Infinity was targeted last month by hackers who managed to steal over $600 million worth of Ethereum in an act that was labeled one of the biggest heists of its kind. The Federal Bureau of Investigation (FBI) has now tied the crime to North Korea-based hackers, naming the notorious Lazarus Group. According to the Treasury Department's Office of Foreign Assets Control database, the wallet address linked to the theft belongs to the Lazarus Group. The gang's involvement was discovered following a joint investigation pursued by the Treasury Department and the FBI. Sky Mavis, which manages the Ronin blockchain linked to the game, acknowledged the finding and has promised to strengthen its security protocols.

As of April 14, the hackers have managed to launder roughly 80% of the stolen funds, according to an Elliptic analysis. However, the original crypto wallet used for the hack still has funds worth over $440 million left in it. The hackers have funneled the stolen crypto through Tornado Cash, a smart contract-based service on the Ethereum blockchain that uses cryptocurrency mixing protocols to hide the trail of crypto transactions.

CoinDesk interviewed Tornado Cash co-founder Roman Semenov, who suggested that he and his fellow creators cannot control what users do with the service and that the autonomous nature of the coin mixing platform keeps it out of developers' control. Tornado Cash has reportedly been used by bad actors to siphon illegally acquired crypto assets, including a recent incident in which Ether coins worth over $15 million were laundered, according to CoinDesk.

The hackers have a history

The crypto address linked to the Axie Infinity hack has been sanctioned, which means any party involved in moving the funds will also face action by government officials. The hacker group exploited the validation system of the Ronin bridge, which lets users deposit their crypto coins and converts them into in-game tokens. Members of the group stole private keys belonging to five out of nine validators on the Ronin bridge to approve the transaction for moving 173,000 Ethereum and 25.5 million USDC. Multiple crypto exchange outlets, independent cybersecurity experts, and law enforcement officials are monitoring the flow of funds from the sanctioned wallet, hoping to trace it back to the bad actors behind it and recover the stolen assets.

As for the hackers behind it, they have a long history of targeting financial institutions and corporate entities to steal funds via ransomware attacks. The Lazarus gang has been accused of laundering money for the despotic regime under Kim Jong-un on multiple occasions in the past, reportedly using acquired funds to support the government's weapons program and the development of nuclear warheads. The group has also reportedly been connected to famous incidents like the Sony Pictures hack and the WannaCry ransomware attack. In 2021, the U.S. Department of Justice charged three members of the gang with stealing funds worth over $1.3 billion from different companies and institutions across the world.