The FBI and Treasury Department have announced that they have traced the theft of Axie Infinity cryptocurrency to the North Korea-based hackers known as Lazarus Group. This is the latest in a series of attacks that Lazarus Group has carried out against cryptocurrency exchanges and investors. In this instance, the hackers used phishing emails to gain access to the exchange’s systems and then stole approximately $250,000 worth of AXIE tokens. The FBI and Treasury Department are warning investors to be vigilant against phishing attempts and to take steps to protect their accounts. They also urged exchanges to implement strong security measures to prevent such attacks from happening in the future. This incident highlights the need for greater security in the cryptocurrency industry.
The US Treasury has blacklisted the Lazarus Group, a crypto-hacking collective based in North Korea, in response to the group’s involvement in the hacking of Axie Infinity earlier this year. The brazen heist saw the group make off with more than $600 million in digital assets, making it one of the largest crypto-hacks in history. The Treasury’s decision to sanction the Lazarus Group is a strong signal that it will not tolerate such activities, and comes as the US government ramps up its efforts to crack down on nefarious actors in the cryptocurrency space. In addition to the Treasury’s actions, prosecutors have also filed charges against two members of the Lazarus Group, and are seeking to seize more than $300 million worth of assets that were stolen.
Axie Infinity is a decentralized game that runs on the Ethereum blockchain. To reduce transaction fees, the developers created a “sidechain” called Ronin. This sidechain is connected to Ethereum by a digital “bridge” that allows cryptocurrency to be moved between them. Unfortunately, this bridge was exploited by hackers who were able to steal 173,600 Ethereum and 25.5M USDC, which at the time of the theft were worth more than $600 million. The developers are working on a fix for the exploit, but in the meantime, users are advised to withdraw their funds from the game.
The Treasury Department’s “Specially Designated Nationals List” update includes a “digital currency address” for Lazarus Group that Etherscan currently identifies as “Ronin Bridge Exploiter,” and states “is reported to be involved in a hack targeting the Ronin bridge.” This is the first time that the US government has specifically targeted a digital currency address in this way, and it may signal a new direction in combating the financing of illicit activities. The Ronin bridge is a decentralized exchange that allows users to trade Ethereum-based assets without having to trust a central party. The attack on the Ronin bridge was first reported in December, and it is thought that the hackers were able to steal over $50 million worth of Ethereum-based tokens.
The update to the list comes after months of speculation about the origins of the Axie Infinity heist. In November of 2018, an unknown hacker gained access to the virtual wallet associated with the game and stole nearly $600,000 worth of cryptocurrency. The hacker then sent a threatening message to the game’s developers, promising to release sensitive information unless they paid a ransom. However, the developers refused to pay, and the hacker eventually released the information anyway. The incident caused a great deal of consternation among users of the game, and many began to wonder if North Korea was behind the attack. Now, it seems that their suspicions were correct.
“The FBI continues to combat malicious cyber activity including the threat posed by the Democratic People’s Republic of Korea to the US and our private sector partners,” an FBI representative told PC Gamer.
“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th. The FBI, in coordination with Treasury and other U.S. Government partners, will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime.”
One of the most infamous groups of digital thieves in operation today is Lazarus Group, a team of skilled hackers said to be operating out of North Korea. In January 2021, Chainalysis released a report alleging that Lazarus Group had stolen upwards of $400 million in digital assets over the course of the year – a staggering amount of money. However, it seems that the group has since ramped up its operations, as it has been linked to a major heist involving the popular Ethereum-based game Axie Infinity. According to reports, the hackers managed to make off with around $360,000 worth of cryptocurrency, representing a significant increase from their previous haul. This latest theft is likely to reignite concerns about Lazarus Group’s activities.
As digital game worlds become more complex, the line between “play” and “work” is becoming increasingly blurred. In the world of Axie Infinity, for example, players can earn real-world money by breeding and selling digital creatures known as Axies. However, according to a recent report by GamesRadar, some of the game’s so-called “landlords” are having difficulty finding players willing to fill quotas and help them earn profits on their NFT creatures. Sky Mavis acknowledged the issue in February when it removed daily quests in an effort to reduce the amount of SLP rewards flowing into the game.