Blockchain analysts and the FBI helped to retrieve $30m worth of crypto North Korean hacker collective Lazarus Group stole from Axie Infinity in the Ronin exchange hack.
The seizure marks the first time authorities managed to snag at least some of the stolen funds from the North Korean hacker collective, Erin Plante, the senior director of investigations at blockchain analysis firm Chainalysis, claims.
Lazarus Group carried out one of the biggest crypto heists in history, siphoning $625m worth of dollar-pegged stablecoins and Ethereum (ETH) cryptocurrency from the Ronin exchange.
Threat actors took some of the funds from Axie Infinity, a decentralized game built on the Ronin Network. The $30m authorities managed to retrieve will be returned to Axie Infinity.
“The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized) and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains,” Plante wrote in a blog post.
He also explained that Lazarus Groups hacked the exchange by accessing the private keys of Ronin Network validators and using them to withdraw funds. Hackers employed the recently sanctioned Tornado Cash mixer to launder most of the funds.
North Korean hackers
North Korea employs cybercrime to finance its dictatorship, which runs a country mostly closed off from the outside world.
While Lazarus Group is almost certainly a state-sponsored actor, its primary goals are often financial. Hacker groups operated by state intelligence services often focus more on espionage.
According to Chainalysis, North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400m worth of digital assets last year. This year, researchers claim, North Korea-linked groups have stolen close to $1b worth of crypto from various DeFi protocols.
A United Nations panel of experts monitoring North Korea’s sanctions has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.
More from Cybernews:
Subscribe to our newsletter