The U.S. Department of the Treasury managed to track down the culprit of the massive Axie Infinity cryptocurrency heist. It turns out that a North Korean hacker group called Lazarus stands behind the theft, which amounted to over $600 million worth of crypto being stolen.
In response to the theft, the group involved had been added to the U.S. international sanctions list.
THREAD: Updates to OFAC’s SDN designation for Lazarus Group confirm that the North Korean cybercriminal group was behind the March hack of Ronin Bridge, in which over $600 million worth of ETH and USDC was stolen.
— Chainalysis (@chainalysis) April 14, 2022
The attack took place in March of this year and it targeted Axie Infinity, a blockchain-based game that involves cryptocurrency transactions. Although the game is based on Ethereum, it utilizes a blockchain called Ronin. This allows the players to perform all the necessary transactions without paying the hefty fees of the standard Ethereum blockchain.
The two chains are connected by a digital bridge. It’s a helpful workaround for day-to-day users, but unfortunately, an exploit in the bridge between Ethereum and Ronin resulted in a massive theft. The hack conducted by the Lazarus Group resulted in 173,600 Ethereum and 25.5 million USDC being stolen. USDC is a so-called stable coin, which means it’s pegged to the U.S. dollar. At the time of the theft, the two currencies pooled together amounted to over $600 million.
Initially, it was unclear whether the Specially Designated Nationals List update referred to the Axie Infinity heist specifically. However, the Department of the Treasury confirmed to PC Gamer that the new entry refers to the hack conducted by Lazarus. The cryptocurrency wallet that collected the stolen funds was discovered by the FBI as part of an ongoing investigation of North Korea.
Lazarus is a state-sponsored group of hackers, and this isn’t the first time we’ve heard about their attacks. According to Chainalysis, the group stole at least $400 million worth of digital assets in 2021. However, this means that the 2022 Axie Infinity hack is a huge escalation, seeing as the group managed to steal over $600 million in one go.
The funds obtained through these crypto attacks are most likely used to fund North Korea’s weapon programs. Elliptic, a cryptosecurity firm, estimates that the country has already laundered 18% of the $600 million Lazarus managed to obtain.
An anonymous FBI representative said to PC Gamer: Through our investigation, we were able to confirm Lazarus Group and APT38, cyber actors associated with the Democratic People’s Republic of Korea (DPRK), are responsible for the theft of $620 million in Ethereum reported on March 29th. The FBI, in coordination with Treasury and other U.S. Government partners, will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime.”
This is a huge hit for Axie Infinity, a game that relies on helping users profit rather than just to have fun. Sky Mavis, the developers of Axie Infinity, said that additional security measures are being added to the Ronin Bridge. Hopefully, this time around, the bridge will be secure enough to not be breached.
