The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity’s Ronin Network last month.
On Thursday, the Treasury tied the Ethereum wallet address that received the stolen digital currency to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals (SDN) List.
“The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK’s use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime,” the intelligence and law enforcement agency said in a statement.
The cryptocurrency heist, the second-largest cyber-enabled theft to date, involved the siphoning of 173,600 Ether (ETH) and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer their digital assets from one crypto network to another, on March 23, 2022.
“The attacker used hacked private keys in order to forge fake withdrawals,” the Ronin Network explained in its disclosure report a week later after the incident came to light.
By sanctioning the wallet address, the move prohibits U.S. individuals and entities from transacting with it to ensure that the state-sponsored group can’t cash out any further funds. An analysis by Elliptic has found that the actor has already managed to launder 18% of the siphoned digital funds (about $97 million) as of April 14.
“First, the stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized,” Elliptic noted. “By converting the tokens at DEXs, the hacker avoided the anti-money laundering (AML) and ‘know your customer (KYC) checks performed at centralized exchanges.”
Nearly $80.3 million of the laundered funds have involved the use of Tornado Cash, a mixing service on the Ethereum blockchain designed to obscure the trail of funds, with another $9.7 million worth of ETH likely to be laundered in the same manner.
Lazarus Group, an umbrella name assigned to prolific state-sponsored actors operating on behalf of North Korean strategic interests, has a track record of conducting cryptocurrency thefts since at least 2017 to bypass sanctions and fund the country’s nuclear and ballistic missile programs.
“The country’s espionage operations are believed to be reflective of the regime’s immediate concerns and priorities, which is likely currently focused on acquiring financial resources through crypto heists, targeting of media, news, and political entities, [and] information on foreign relations and nuclear information,” Mandiant pointed out in a recent deep dive.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has painted the cyber actors as an increasingly sophisticated collective that has developed and deployed a wide range of malware tools around the world to facilitate these activities. Read more:https://bit.ly/3xyoNmc
You can also read this: Wind Turbine Giant Nordex Hit By Cyber-Attack