The U.S. Treasury Department has added the North Korean hacking collective calling itself the Lazarus Group to its sanctions list, saying the group was responsible for the massive crypto theft from Axie Infinity in March, in which the thieves got away with over US$600 million.
Axie Infinity makes use of a “sidechain” called Ronin that allows users to access the Ethereum blockchain without incurring many of the standard NFT transaction fees. Essentially, the Ronin and Ethereum blockchains run in parallel, connected by a digital “bridge” that allows the movement of cryptocurrencies between them. Unfortunately, an exploit on that bridge also allowed hackers to get away with 173,600 Ethereum and 25.5 million USDC, which at the time of the theft converted to over $600 million.
The Treasury Department's “List of Specially Designated Nationals” does not refer to this crime explicitly, but lists a “digital currency address” for the Lazarus Group that Etherscan currently identifies as the “Ronin Bridge Exploiter” and states “is reported to be involved in a hack targeting the Ronin Bridge”.
The Treasury Department confirmed the connection in a statement sent to PC Gamer, saying the list has been updated to include the virtual wallet associated with the Axie Infinity heist. The wallet itself was discovered by the FBI as part of its ongoing investigation into the threat posed by North Korea and state-sponsored actors such as the Lazarus Group.
“The FBI continues to combat malicious cyber activities, including the threat posed by the Democratic People’s Republic of Korea to the US and our private sector partners,” an FBI representative told PC Gamer.
“Through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29. The FBI, in coordination with the Treasury and other US government partners, continues to expose and combat the DPRK’s use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime.”
Sky Mavis, which runs Axie Infinity, also noted the FBI’s involvement in an update on the Ronin blog. “Today, the FBI attributed the North Korea-based Lazarus Group to the Ronin validator security breach,” the company wrote. “The US government, specifically the Department of the Treasury, has sanctioned the address that received the stolen funds.”
This isn’t the first time we’ve heard about the Lazarus Group. Chainalysis said in January that North Korea made off with at least $400 million in stolen digital assets in 2021, most of it taken by the Lazarus Group. Assuming that’s accurate, the Axie Infinity heist represents a serious escalation, topping all of the previous year’s take in a single job.
TOPIC: OFAC’s SDN designation updates for Lazarus Group confirm that the North Korean cybercriminal group was behind the March Ronin Bridge hack, in which over $600 million worth of ETH and USDC was stolen. April 14, 2022
Elliptic, another crypto security firm, estimated that North Korea has laundered 18% of the stolen funds; the balance, combined with the $170 million worth of stolen cryptocurrencies North Korea was holding in January, means the country is now sitting on over half a billion in unlaundered cryptocurrency.
As for why North Korea is carrying out cryptocurrency robberies, the Treasury Department said the country is trying to evade US and UN sanctions to find funding for its weapons programs, which is why agencies are enforcing sanctions programs so aggressively. The effort is not futile: the US recently jailed a former employee of the Ethereum Foundation for more than five years, and imposed a $100,000 fine, for traveling to North Korea in 2019 to give a presentation on “the use of cryptocurrency technologies to avoid sanctions and money laundering”.
As for Axie Infinity, the developers said in their latest update that they are still adding security measures to the Ronin Bridge and expect it to be redeployed by the end of April. But Axie may have a potentially even bigger problem on its hands: as reported by Radar Games, the game’s digital “owners” are having a hard time finding players willing to fill quotas and help them make a profit from their NFT creatures. Sky Mavis acknowledged the problem in February, when it removed daily quests in an effort to reduce the amount of SLP rewards flowing into the game, saying, “Axie’s economy demands drastic and decisive action now or we risk total and permanent economic collapse”.