US accuses North Korean hackers of $600 Axie Infinity theft

US authorities say that the North Korea-linked advanced persistent threat (APT) groups known as Lazarus Group and APT38 are responsible for the March 2022 theft of over $600 in cryptocurrency from the Ronin network used for the Axie Infinity blockchain-based game.

Last week, the US Treasury Department announced sanctions against Lazarus and tied the group to the heist, dubbed the Ronin Validator Security Breach, through the Ethereum address that received stolen funds and was identified as belonging to Lazarus.

According to the London-based blockchain analysis provider Elliptic, the attackers have managed to launder 18% of their stolen funds as of April 14.

“First, the stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized. Tokens such as stablecoins are controlled by their issuers, who in some cases can freeze tokens involved in illicit activity,” Elliptic explained.

“By converting the tokens at DEXs, the hacker avoided the AML and KYC checks performed at centralized exchanges. This is an increasingly common tactic seen in hacks of this type.”

The US State Department announced that it offers rewards of up to $5 million “for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation.”
