The US authorities say that the North Korea-linked advanced persistent groups (APT) known as Lazarus Group and APT38 are responsible for the March 2022 theft of over $600 in cryptocurrency from the Ronin network used for the Axie Infinity blockchain-based game.
Last week, the US Treasury Department announced sanctions against Lazarus and tied the group to the heist, dubbed the Ronin Validator Security Breach, through the Ethereum address that received stolen funds and was identified as belonging to Lazarus.
According to the London-based blockchain analysis provider Elliptic, the attackers have managed to launder 18% of their stolen funds as of April 14.
“First, the stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized. Tokens such as stablecoins are controlled by their issuers, who in some cases can freeze tokens involved in illicit activity,” Elliptic explained.
“By converting the tokens at DEXs, the hacker avoided the AML and KYC checks performed at centralized exchanges. This is an increasingly common tactic seen in hacks of this type.”
The US State Department announced that it offers rewards of up to $5 million “for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation.”