US accuses North Korean hackers for $600 Axie Infinity theft

US accuses North Korean hackers for $600 Axie Infinity theft

The US authorities say that the North Korea-linked advanced persistent groups (APT) known as Lazarus Group and APT38 are responsible for the March 2022 theft of over $600 in cryptocurrency from the Ronin network used for the Axie Infinity blockchain-based game.

Last week, the US Treasury Department announced sanctions against Lazarus and tied the group to the heist, dubbed the Ronin Validator Security Breach, through the Ethereum address that received stolen funds and was identified as belonging to Lazarus.

According to the London-based blockchain analysis provider Elliptic, the attackers have managed to launder 18% of their stolen funds as of April 14.

“First, the stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized. Tokens such as stablecoins are controlled by their issuers, who in some cases can freeze tokens involved in illicit activity,” Elliptic explained.

“By converting the tokens at DEXs, the hacker avoided the AML and KYC checks performed at centralized exchanges. This is an increasingly common tactic seen in hacks of this type.”

The US State Department announced that it offers rewards of up to $5 million “for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation.”

Back to the list

Latest Posts

Police crackdown shuts down major Kidflix platform hosting child sexual abuse material

Police crackdown shuts down major Kidflix platform hosting child sexual abuse material

As a result of the operation, 79 arrests were made, 1,393 suspects identified, and over 3,000 electronic devices seized.
2 April 2025
Ongoing campaign targets exposed PostgreSQL instances to deploy crypto miners

Ongoing campaign targets exposed PostgreSQL instances to deploy crypto miners

The campaign could involve over 1,500 compromised systems.
2 April 2025
DPRK IT worker threat expands beyond the US, focuses on Europe

DPRK IT worker threat expands beyond the US, focuses on Europe

The schemes come with new tactics, including extortion campaigns and corporate virtualized infrastructure compromises.
2 April 2025