U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

U.S. Seizes Cryptocurrency

More than $30 million worth of cryptocurrency plundered by the
North Korea-linked Lazarus Group from online video game Axie
Infinity has been recovered, marking the first time digital assets
stolen by the threat actor have been seized.

“The seizures represent approximately 10% of the total funds
stolen from Axie Infinity (accounting for price differences between
time stolen and seized), and demonstrate that it is becoming more
difficult for bad actors to successfully cash out their ill-gotten
crypto gains,” Erin Plante, senior director of investigations at
Chainalysis, said[1].

The development arrives more than five months after the crypto hack[2]
resulted in the theft of $620 million from the decentralized
finance (DeFi) platform Ronin Network, with the attackers
laundering a majority of the proceeds – amounting to $455 million –
through the Ethereum-based cryptocurrency tumbler Tornado Cash.

CyberSecurity

The March 2022 cryptocurrency heist resulted in losses totaling
173,600 ETH worth about $594 million at the time and $25.5 million
in USDC stablecoin, making it the biggest cryptocurrency theft to
date.

Although Tornado Cash has emerged as a popular tool for
anonymizing virtual currency transactions, its abuse by malicious
actors such as the Lazarus Group to cash out the illicitly obtained
assets has landed it in the crosshairs of the U.S. government,
which imposed sanctions[3]
against the service last month.

The blockchain analytics firm said that the blocklisting forced
the adversary to move away from the mixer in favor of DeFi services
such as crypto bridges[4]
to chain hop and move digital assets between chains in a bid to
obscure the trail of funds.

“The hacker bridged ETH from the Ethereum blockchain to the BNB
chain and then swapped that ETH for USDD, which was then bridged to
the BitTorrent chain,” Plante said, detailing the switch between
several different kinds of cryptocurrencies in a single transaction
to launder the stolen funds.

CyberSecurity

The Lazarus Group[5]
is a prolific advanced persistent threat (APT) that’s driven by
efforts to support North Korea’s operational goals, which comprises
espionage[6]
and generating revenue for the sanctions-hit nation by striking
financial institutions. Most of the cyber operations are conducted[7]
by elements within the Reconnaissance General Bureau.

The seizure also comes as six users of Tornado Cash, including
Coinbase employees, filed a lawsuit[8]
this week against the U.S. Treasury Department, Treasury Secretary
Janet Yellen, and other officials over their decision to slap
sanctions on the platform.

References

  1. ^
    said
    (blog.chainalysis.com)
  2. ^
    crypto
    hack
    (thehackernews.com)
  3. ^
    imposed
    sanctions
    (thehackernews.com)
  4. ^
    crypto bridges
    (ethereum.org)
  5. ^
    Lazarus
    Group
    (thehackernews.com)
  6. ^
    espionage
    (thehackernews.com)
  7. ^
    conducted
    (www.mandiant.com)
  8. ^
    filed a
    lawsuit
    (www.cnbc.com)

Read more

Leave a Reply