FBI Says North Korea Is Behind Massive Theft Of Millions In Cryptocurrencies

The US Department of Justice and the FBI suspect that North Korean hackers are behind the giant hack of the NFT game Axie Infinity, where attackers stole over $620 million in cryptocurrency. The U.S. Treasury Department has sanctioned an Ethereum address said to have received coins stolen in the hack of blockchain bridge Ronin, which handles transactions in the NFT game.

An investigation found that North Korea-affiliated groups Lazarus and APT38 carried out the theft reported on March 29, the FBI said Thursday. The FBI and the US government will continue to expose and combat North Korea’s illegal activities, including cybercrime and theft of cryptocurrencies, it said. The blockchain analysis company Chainalysis also shares the suspicions of the US authorities. Its experts had determined that the address received 173,600 ethers (around $525 million) and $25.5 million in the form of stablecoin USDC “from the Ronin Bridge smart contract during the attack.”

Players of the online game Axie Infinity were affected by the theft. The attackers targeted so-called bridge software that could be used to exchange crypto money in the game for other digital currencies. Among other things, 173,600 units of the cryptocurrency Ethereum were stolen, according to the operators of the hacked Ronin Bridge.

The attackers managed to withdraw the digital currencies with hacked crypto keys. Bridges have been considered a potential risk in the industry for some time, as little is known about their security measures.

“First, the stolen USDC were swapped into ETH via decentralized exchanges to prevent them from being confiscated. Tokens like stablecoins are controlled by their issuers, who in some cases can freeze tokens involved in illegal activities.”

The use of decentralized exchanges is said to have served the goal of bypassing anti-money laundering and identity controls. After that, the hackers began “laundering $16.7 million worth of ETH across three centralized exchanges.” This strategy is unusual for typical DeFi exploits, write the Elliptic experts, because these exchanges also have to comply with money laundering prevention obligations. However, the procedure had already been “observed in earlier exploits by the Lazarus group”.

According to North Korea, the Lazarus Group does not exist, nor is the state interested in hacking cryptocurrencies.
