Feds claw back $30 million of cryptocurrency stolen by North Korean …

Posted on by

Getty Images

Cryptocurrency analytics firm Chainalysis said on Thursday that it helped the US government seize $30 million worth of digital coins that North Korean-backed hackers stole earlier this year from the developer of the non-fungible token-based game Axie Infinite.

The seizures "demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains, Erin Plante, senior director of investigations atChainalysis, wrote. We have proven that with the right blockchain analysis tools, world-class investigators and compliance professionals can collaborate to stop even the most sophisticated hackers and launderers.

The FBI attributed the theft to Lazarus, the name used to track a hacking group backed by and working on behalf of the North Korean government. According to Axie Infinity developer Sky Mavis, the hackers pulled off the transfers after gaining access to five of nine private keys held by transaction validators for the Ronin Networks cross-bridge, a dedicated blockchain for the game.

The hackers then initiated an elaborate laundering process that involved transferring funds to more than 12,000 different currency addresses in an attempt to obfuscate the stolen coins' movement.

In Thursdays post, Plante wrote:

North Koreas typical DeFi laundering technique has roughly five stages:

Chainalysis

Plante continued:

Since then, Lazarus Group has moved away from the popular Ethereum mixer, instead leveraging DeFi services to chain hop, or switch between several different kinds of cryptocurrencies in a single transaction. Bridges serve an important function to move digital assets between chains and most usage of these platforms is completely legitimate. Lazarus appears to be using bridges in an attempt to obscure source of funds. With Chainalysis tools these cross chain funds movements are easily traced.

We can use Chainalysis Storyline to see an example of how Lazarus Group utilized chain-hopping to launder some of the funds stolen from Axie Infinity:

Chainalysis

Above, we see that the hacker bridged ETH from the Ethereum blockchain to the BNB chain and then swapped that ETH for USDD, which was then bridged to the BitTorrent chain. Lazarus Group carried out hundreds of similar transactions across several blockchains to launder the funds they stole from Axie Infinity, in addition to the more conventional Tornado Cash-based laundering we covered above.

On Twitter, Ronin Networks said, It will take some time for these funds to be returned to the Treasury. Plante said that much of the stolen funds remains in wallets under the hackers control. We look forward to continuing to work with the cryptocurrency ecosystem to prevent them and other illicit actors from cashing out their funds.

More here:
Feds claw back $30 million of cryptocurrency stolen by North Korean ...

Related Posts
This entry was posted in $1$s. Bookmark the permalink.