
Who Are The Hackers Behind $625 Million Crypto Theft?

The Lazarus Group has operated for more than 10 years with the North Korean government's blessing, stealing and laundering more than $200 million in cryptocurrencies every year since 2018.

The U.S. Treasury Department has linked North Korean hacking group Lazarus to the recent theft of $625 million worth of cryptocurrency from the Ronin Network, an Ethereum-compatible blockchain tailored for the popular play-to-earn game Axie Infinity.

The hackers infiltrated the network last month, stealing about 173,600 ether, according to the Ronin Network, and 25.5 million USDC (a digital asset pegged to the value of the U.S. dollar and available on multiple blockchains including Ethereum and Solana). Blockchain analytics firm Elliptic says the group has managed to launder 18% of the stolen funds and continues to do so via Tornado Cash, a service that allows users to obfuscate their digital trails.

So what do we know about the culprits?

The Lazarus cyber collective has operated for more than 10 years with the North Korean government's blessing, gaining notoriety for its attack on Sony Pictures in 2014 and an $81 million heist on the Central Bank of Bangladesh.

Top cybersecurity firms Kaspersky and Symantec have also linked Lazarus to the WannaCry ransomware attack that took place in May 2017. Users’ files were held hostage, and a bitcoin ransom was demanded for their return. The ransomware hit more than 200,000 computers in 150 countries, crippling hospitals, governments and businesses, and leading to an estimated $4 billion in losses across the globe.

According to Elliptic and another blockchain intelligence firm, Chainalysis, the hackers have been targeting crypto entities since at least 2018, laundering virtual currencies worth in excess of $200 million every year. A United Nations report submitted to the U.N. Security Council’s sanctions committee accused Pyongyang of using stolen funds from these attacks to support its nuclear and ballistic missile programs, Reuters reported in February.

Until last year, the majority of this activity was directed toward centralized cryptocurrency exchanges located in South Korea or elsewhere in Asia, according to Elliptic. However, in the past months, Lazarus has turned to decentralized financial services like Ronin (the company behind the network, Sky Mavis, is based in Vietnam).

Many features of the latest heist mirrored the methods used by the group in previous high-profile cases, says Elliptic, including the location of the victim, the possible use of social engineering, and the money laundering pattern. Specifically, by converting the stolen cryptocurrencies at decentralized exchanges, the hackers avoided the anti-money laundering (AML) and 'know your customer' (KYC) checks performed at centralized marketplaces, an increasingly common tactic in hacks of this type. Decentralized finance (DeFi) protocols received 17% of all funds sent from illicit wallets in 2021, up from 2% in the previous year, according to Chainalysis.

However, part of the stolen ether was also laundered through centralized exchanges. “This strategy is uncommon for typical DeFi exploits given these exchanges’ AML obligations, though it has been observed more often in past Lazarus group-affiliated exploits,” said Elliptic.
