Approximately 30 million dollars stolen by the Lazarus Group, an organization with ties to North Korea, from Axie Infinity have been recovered by US authorities. This is the first time that digital assets taken by the threat actor have been found and confiscated.
Chainalysis’ senior director of investigations, Erin Plante, says that the seizures constitute about 10% of the total amount stolen from Axie Infinity (taking into account price differences between the time when the funds were stolen and the time when they were seized) and demonstrate that bad actors are having a harder time cashing out their ill-gotten crypto gains.
How Did the Hackers Launder the Money?
By using DeFi services such as crypto bridges to chain-hop and transfer digital assets across chains, attackers are hiding the trail of cash after blocklisting caused them to abandon the mixer.
Chainanalysis said the US government was able to recover $30M from Lazarus Group wallets, money linked to the hack of crypto game Axie Infinityhttps://t.co/nLAYHNPQwU pic.twitter.com/QslPTSzXNF
— Catalin Cimpanu (@campuscodi) September 8, 2022
In order to launder the stolen money, the hacker switched between many different cryptocurrencies at once, according to Plante. He said that ETH was bridged from the Ethereum chain to the BNB chain and then traded for USDD on the BitTorrent chain via USDD.
I remember this hack. US finally recovers over $30M in crypto stolen by North Korean hackers. Get these fools! #btc #ETH #AxieInfinity
— JRE (@jreentertain) September 8, 2022
North Korea’s Lazarus Group has a long history of espionage and generating revenue through attacks on financial institutions, one of the most well-known advanced persistent threats (APTs).
In addition to helping law enforcement locate and recover ill-gotten cryptocurrency cash, the crypto recovery illustrates how far they have come in their capacity to prosecute various cybercrimes.
According to the Justice Department, a North Korean hacker group was reported to have stolen $500,000 worth of Bitcoin in late July. The group had been demanding digital payments from healthcare organizations in the form of the new Maui ransomware strain.
***
