18 April 2022

US accuses North Korean hackers for $600 Axie Infinity theft


US accuses North Korean hackers for $600 Axie Infinity theft

The US authorities say that the North Korea-linked advanced persistent groups (APT) known as Lazarus Group and APT38 are responsible for the March 2022 theft of over $600 in cryptocurrency from the Ronin network used for the Axie Infinity blockchain-based game.

Last week, the US Treasury Department announced sanctions against Lazarus and tied the group to the heist, dubbed the Ronin Validator Security Breach, through the Ethereum address that received stolen funds and was identified as belonging to Lazarus.

According to the London-based blockchain analysis provider Elliptic, the attackers have managed to launder 18% of their stolen funds as of April 14.

“First, the stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized. Tokens such as stablecoins are controlled by their issuers, who in some cases can freeze tokens involved in illicit activity,” Elliptic explained.

“By converting the tokens at DEXs, the hacker avoided the AML and KYC checks performed at centralized exchanges. This is an increasingly common tactic seen in hacks of this type.”

The US State Department announced that it offers rewards of up to $5 million “for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation.”

Back to the list

Latest Posts

What is Vulnerability Management? A Beginner's Guide

What is Vulnerability Management? A Beginner's Guide

In this article will try to cover basics of vulnerability management process and why it is important to every company.
11 September 2024
Cyber Security Week in Review: September 6, 2024

Cyber Security Week in Review: September 6, 2024

In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
6 September 2024
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.
5 September 2024