North Korea’s revenue comes not from international trade, manufacturing, or even tourism. Due to the authoritarian rule of Kim Jong-Un, most nations around the world have trading sanctions against North Korea and the people’s republic can trade only so much with their closest ally, China. Therefore, the amount of money coming into the East Asian country is limited. So how do they make money? Crime, of course. Nuclear bombs aren’t cheap to make, after all. And specifically, cybercrime, in which digital assets are stolen, often in cryptocurrencies. A hacking group known as Lazarus Group, linked to ‘True Korea’, stole around $540m of cryptocurrencies from users of an online game. Some of this has now been retrieved by the FBI. More in this article from The Wall Street Journal. – Ross Sinclair
U.S. Recovers Over $30 Million in Cryptocurrency Stolen by North Korean Hackers
Sum is only a fraction of hundreds of millions siphoned in breach of ‘Axie Infinity’ online videogame this year
By Dustin Volz and Caitlin Ostroff
U.S. authorities have seized more than $30 million in cryptocurrency plundered from an online game this year by hackers linked to North Korea, one of the largest successes clawing back digital revenue from Pyongyang, investigators said.
While only a fraction of the hundreds of millions in cryptocurrency purloined, the sum recovered is far higher than previously known. It reflects both the growing capabilities of the Federal Bureau of Investigation and other agencies and the priority the U.S. is giving to thwarting North Korean hackers, whose heists are used to bolster their country’s nuclear ambitions, analysts said.
Erin Plante, senior director of investigations at the cryptocurrency intelligence firm Chainalysis, which announced the seizure amount Thursday at a conference in Barcelona, said the recovery was among the largest by U.S. law enforcement and had made it more difficult for the North Korean hacking group known as Lazarus Group to access the funds.
“It’s a big deal to have any amount of money clawed back from the Lazarus Group,” Ms. Plante said in an interview. “That didn’t used to happen.”
Sky Mavis Ltd., publisher of the game “Axie Infinity,” said in March that hackers had infiltrated part of its Ronin Network, the blockchain, or digital ledger, on which the game runs. The infiltrators gained access to accounts holding cryptocurrencies and drained 173,600 ether and 25.5 million of the stablecoin USDC. The assets were worth about $540 million on the date of the theft.
Sky Mavis said then it was working with Chainalysis, which often supports U.S. law enforcement investigations, to track the stolen funds. The firm said it traced the stolen funds to points where the thieves attempted to convert it to fiat currency, and there law enforcement and partners in the cryptocurrency industry were able to freeze the money.
The recovered cryptocurrency includes about $5.8 million seized by Binance, a major cryptocurrency exchange, in April, as well as several other seizures at different exchanges, Chainalysis said. The firm didn’t identify the other exchanges, but said the FBI was involved in all of the cases.
The FBI, which has previously publicly linked the Axie Infinity hack to North Korea, didn’t immediately respond to a request for comment.
North Korea’s mission to the United Nations didn’t respond to a request for comment Thursday.
North Korean hackers have for years relied on cybercrimes such as hacking banks or cryptocurrency exchanges or extorting victims with ransomware to generate cash to support the country’s nuclear weapons programs, in violation of international sanctions, Western officials and analysts say.
In July, the U.S. Justice Department said it had clawed back about half a million dollars of cryptocurrency that a hospital in Kansas paid last year to the same North Korean hacking group. Chainalysis estimates that North Korea has already pilfered more than $1 billion from decentralized finance protocols, though much of it is likely sitting idle due to the challenge of converting it to fiat cash, Ms. Plante said.
The Axie Infinity recovery represents a shift in law enforcement’s ability to trace funds through a web of so-called crypto addresses, the virtual accounts where cryptocurrencies are stored. These addresses can be created quickly without them being linked to a cryptocurrency company that could freeze the funds.
In its effort to mask the stolen crypto, Lazarus Group used more than 12,000 different addresses, according to Chainalysis. Unlike bank transactions that happen through private networks, movement between crypto accounts is visible to the world on the blockchain.
Advanced blockchain-monitoring tools and cooperation from centralized crypto exchanges enabled the FBI to trace the crypto to where Lazarus Group tried to cash out, investigators said.
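As an added illustration, not from the article and not Chainalysis's or the FBI's tooling: a forward fund-flow trace over a constructed ledger that follows transfers from a seed address until they land on deposit addresses a cooperating exchange has labelled as its own, which is the point at which funds can be frozen. Addresses, exchange names and amounts are placeholders.

```python
from collections import defaultdict, deque

# Constructed sample ledger of on-chain transfers: (sender, receiver, amount).
# Addresses are placeholders, not real ones; amounts are illustrative.
TRANSFERS = [
    ("0xTHIEF", "0xHOP1", 100.0),
    ("0xTHIEF", "0xHOP2", 50.0),
    ("0xHOP1", "0xHOP3", 60.0),
    ("0xHOP1", "0xHOP4", 40.0),
    ("0xHOP3", "0xEXCH_DEPOSIT_A", 60.0),
    ("0xHOP4", "0xEXCH_DEPOSIT_B", 40.0),
    ("0xHOP2", "0xMIXER_POOL", 50.0),          # dead end for forward tracing
    ("0xUNRELATED", "0xEXCH_DEPOSIT_A", 5.0),  # clean funds, must not be counted
]
# Constructed label set: deposit addresses a cooperating exchange says are its own.
EXCHANGE_DEPOSITS = {"0xEXCH_DEPOSIT_A": "ExchangeA", "0xEXCH_DEPOSIT_B": "ExchangeB"}

def trace_to_cashout(transfers, seed, deposits, max_hops=6):
    """Breadth-first forward trace from `seed`. Returns
    {deposit_address: (exchange, path)} for each labelled deposit reached
    within max_hops; each address is expanded once so churn stays bounded."""
    graph = defaultdict(list)
    for src, dst, amt in transfers:
        graph[src].append((dst, amt))
    hits, seen = {}, {seed}
    queue = deque([(seed, [seed])])
    while queue:
        addr, path = queue.popleft()
        if len(path) - 1 >= max_hops:
            continue
        for nxt, _amt in graph.get(addr, []):
            new_path = path + [nxt]
            if nxt in deposits and nxt not in hits:
                hits[nxt] = (deposits[nxt], new_path)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, new_path))
    return hits

def tainted_inflow(transfers, hits):
    """Sum only transfers whose sender sits on a traced path, so unrelated
    customers' deposits to the same exchange address are excluded."""
    tainted = {a for _exch, path in hits.values() for a in path[:-1]}
    totals = defaultdict(float)
    for src, dst, amt in transfers:
        if dst in hits and src in tainted:
            totals[dst] += amt
    return dict(totals)
```

The hop limit matters in practice: thousands of intermediate addresses, as in the case described here, make an unbounded trace expensive, and a mixer pool is a dead end for this kind of forward trace.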
Accounting for price fluctuations, the recovered funds are about a 10th of the sum stolen in the March attack, which was the second-largest crypto hack on record at the time. The alleged North Korean operatives targeted a so-called bridge that allows funds to flow between the Ethereum Network, one of the largest blockchains, and the Ronin Network that powers the Axie Infinity game. This enabled them to drain the ether cryptocurrency and the USDC stablecoin.
“A lot of these bridges operate on blockchains that are a bit more obscure and a bit more new,” said Arda Akartuna, a cryptocurrency threat analyst at blockchain analytics firm Elliptic. “If you find a vulnerability, then you potentially manage to hack a large amount.”
Illicit actors obfuscate funds to throw investigators and exchanges off the trail by running them through so-called mixers, which blend stolen funds with those from others, making it difficult to trace the funds’ origin. The Lazarus Group used Tornado Cash, a mixer recently sanctioned by the Treasury Department, before moving the funds to other cryptocurrency blockchains.
Though the amount of money recovered is small compared with North Korea’s overall haul, experts said it represented significant progress in law enforcement’s ability to complicate the regime’s efforts to rely on cryptocurrency to fill its coffers.
“In the past when North Korea stole money from a crypto exchange, that money was gone,” Ms. Plante said. “You didn’t expect to get any of it back.”
Write to Dustin Volz at [email protected] and Caitlin Ostroff at [email protected]