The U.S. recovers over $30 million in crypto stolen by North Korean-linked hacker group Lazarus
As you may recall, we told you back in March about the largest crypto heist to date, in which hackers stole $615 million worth of cryptocurrency from Ronin Network, the sidechain underpinning the popular online game Axie Infinity. Then in April, US authorities said that the North Korean state-backed hacking collective Lazarus Group was behind the theft.
Since then, US law enforcement organizations (LEOs), blockchain experts, and other organizations in the cryptocurrency industry have been working behind the scenes to recover the stolen cryptocurrency.
Now, U.S. law enforcement has seized and recovered over $30 million in cryptocurrency stolen from Axie Infinity by the hacker group Lazarus, crypto intelligence firm Chainalysis said on Thursday.
In a blog post, Axie Infinity said it played a role, alongside U.S. law enforcement and other crypto organizations it did not name, in the first-ever recovery of cryptocurrency stolen by Lazarus. The company also estimated that North Korea-linked groups have stolen approximately $1 billion of cryptocurrency from DeFi protocols so far in 2022.
“We estimate that so far in 2022, North Korea-linked groups have stolen approximately $1 billion of cryptocurrency from DeFi protocols.
But today I had the privilege of joining the Axie Infinity team on stage at AxieCon to deliver some good news: With the help of law enforcement and leading organizations in the cryptocurrency industry, more than $30 million worth of cryptocurrency stolen by North Korean-linked hackers has been seized. This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last.”
The FBI, Chainalysis, and North Korea’s mission to the United Nations have not responded to requests for comment.
The seizures represent about 10% of the total funds stolen in March from Ronin Network, a sidechain built for the play-to-earn game Axie Infinity, Chainalysis said.
Back in March, Ronin Network said the attacker compromised validator nodes belonging to Sky Mavis, the publisher of the popular Axie Infinity game, and to the Axie decentralized autonomous organization (DAO). Ronin Network explained that the attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, as seen on Etherscan.
There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions (1 and 2). The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.
The Ronin sidechain has nine validators, five of which must sign any withdrawal, a threshold meant to protect against exactly this type of attack. Nevertheless, the blog post notes that “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
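As an added illustration, not code from Sky Mavis, Ronin or the article, the following Python models the 5-of-9 validator check described above and shows why it releases funds once an attacker holds enough validator keys plus one extra signature, next to a stricter constructed rule that also requires the signatures to span several independent operators. The validator names, operator labels, the four-compromised-keys scenario and the HMAC-based stand-in for real signing are all assumptions made for this example.

```python
import hashlib
import hmac

THRESHOLD = 5       # 5-of-9 signatures, as the article states
MIN_OPERATORS = 3   # constructed mitigation: signers must span 3 independent operators

# Constructed validator set. Each validator has an operator label and a secret key
# (an HMAC key stands in for a real signing key). The operator distribution is an
# assumption for this example, not a figure taken from the article.
VALIDATORS = {
    "v1": ("skymavis", b"key-v1"), "v2": ("skymavis", b"key-v2"),
    "v3": ("skymavis", b"key-v3"), "v4": ("skymavis", b"key-v4"),
    "v5": ("axiedao", b"key-v5"),
    "v6": ("partner-a", b"key-v6"), "v7": ("partner-b", b"key-v7"),
    "v8": ("partner-c", b"key-v8"), "v9": ("partner-d", b"key-v9"),
}

def sign(validator: str, withdrawal: bytes) -> bytes:
    """Produce a validator's signature over a withdrawal message (HMAC stand-in)."""
    return hmac.new(VALIDATORS[validator][1], withdrawal, hashlib.sha256).digest()

def valid_signers(withdrawal: bytes, sigs: dict) -> set:
    """Return the validators whose submitted signature verifies for this withdrawal."""
    return {v for v, s in sigs.items()
            if v in VALIDATORS and hmac.compare_digest(s, sign(v, withdrawal))}

def verify_threshold(withdrawal: bytes, sigs: dict) -> bool:
    """Plain m-of-n check: any 5 valid signatures release the funds."""
    return len(valid_signers(withdrawal, sigs)) >= THRESHOLD

def verify_with_diversity(withdrawal: bytes, sigs: dict) -> bool:
    """Hardened check: the 5 signatures must also come from >= 3 distinct operators,
    so one compromised operator plus a single stray signature is not enough."""
    signers = valid_signers(withdrawal, sigs)
    operators = {VALIDATORS[v][0] for v in signers}
    return len(signers) >= THRESHOLD and len(operators) >= MIN_OPERATORS

# Constructed replay of the incident: the attacker holds four validators' keys and
# has obtained one Axie DAO signature through the abused RPC path the article describes.
WITHDRAWAL = b"constructed withdrawal request"
ATTACKER_SIGS = {v: sign(v, WITHDRAWAL) for v in ("v1", "v2", "v3", "v4", "v5")}

if __name__ == "__main__":
    print("plain 5-of-9 releases funds:", verify_threshold(WITHDRAWAL, ATTACKER_SIGS))
    print("operator-diversity rule releases funds:",
          verify_with_diversity(WITHDRAWAL, ATTACKER_SIGS))
```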
The company pegged the losses at 173,600 ether and 25.5 million USDC, currently worth in excess of $625 million.