North Korean Hacker Group Steals $600 Million of Crypto in Axie Infinity 

April 18, 2022

By Sharan Kaur Phillora

The U.S. Treasury Department has linked North Korea-backed hackers known as Lazarus Group to a massive cryptocurrency heist worth $615m (£469m) from players of the popular online game Axie Infinity.

Here’s what we know:

The U.S. Treasury Department on Thursday added a new Ethereum address to its sanctions list and linked it to North Korean hackers known as the Lazarus Group.

“Through our investigations, we were able to confirm Lazarus Group and APT38, cyber actors associated with [North Korea], are responsible for the theft,” the FBI said in a statement on Thursday.

Blockchain researchers said the address was likely behind the March hack of Ronin Bridge, a blockchain network connected to the popular play-to-earn game Axie Infinity, where more than $600 million worth of cryptocurrencies were stolen. 

The address received 173,600 ether and 25.5 million exploited from the Ronin attack, according to several blockchain analytics providers. Ronin Network provides a bridge that allows the transfer of tokens between Ethereum and Axie Infinity.

A representative of the Treasury Department didn’t immediately respond to a request seeking comment.

“North Korea is, in most respects, cut off from the global financial system by a long sanctions campaign by the U.S. and foreign partners,” Ari Redbord, head of legal and government affairs at crypto risk management company TRM Labs, wrote in an email to MarketWatch. As a result, the nation launched cryptocurrency hacks that amounted to “essentially bank robbery” to fund weapon programs, nuclear proliferation and other activities, according to Redbord.

Lazarus Group has grown increasingly sophisticated in laundering stolen funds, often using multiple mixing services and other obfuscation techniques, according to TRM’s Redbord. However, as the attackers are “ultimately not concerned with being caught,” they usually focus on moving the funds quickly before they are frozen, instead of engaging in lengthy and expensive obfuscation techniques, Redbord said. 

Known for its alleged hack against Sony Pictures and the WannaCry ransomware attack, Lazarus Group and other North Korean hackers launched at least seven attacks in total in 2021 on crypto platforms, exploiting almost $400 million worth of funds, according to crypto compliance company Chainalysis.


About the author

Sharan Kaur Phillora’s thirst for knowledge has led her to study many different subjects, including NFTs and Blockchain technology – two emerging technologies that will change how we interact with each other in the future. When she isn’t exploring a new idea or concept, she enjoys reading literary masterpieces.
