A North Korean-linked hacker group is responsible for the theft of $620 million (€573 million) in cryptocurrencies following the hacking of the Axie Infinity video game in late March, US authorities said Thursday.
“Through our investigation, we were able to confirm that the Lazarus Group and APT38, online actors associated with North Korea, were responsible for the reported theft of $620 million in Ethereum on March 29,” the FBI said in a press release, without giving any details.
The Ronin Network, used for the Axie Infinity online game, has been the victim of one of the largest cyber attacks involving cryptocurrencies. Axie Infinity is a game based on a blockchain, a decentralized digital ledger that cannot be changed. It allows players to earn money in the form of NFTs, digital tokens, without the intermediation of banks.
Created in 2018 by Sky Mavis, a company based in Vietnam, the Axie Infinity game has exploded in developing countries. About 35% of the traffic and most of the 2.5 million daily active players are based in the Philippines. The hackers exploited the weaknesses of the structure put in place by Sky Mavis. The company used a so-called “side” blockchain alongside Ethereum, which allows it to manage its own internal transaction system without resorting to Ethereum for each transaction. The system was therefore faster and cheaper, but less secure. It is this side system that was breached, allowing hackers to steal the amounts collected from players.
“Today, the FBI attributed the North Korea-based Lazarus Group to breaching the security of the Ronin validator,” the network said in updates. The US government, especially the Treasury Department, has sanctioned the address that received the stolen funds, it explained. The Lazarus Group and the names of its affiliated networks – “Appelworm”, “the new romantic cyber army team”, “zinc”, or even “APT-C626” – have been included by the US Treasury in the list of parties with which any transaction is prohibited.
For years, North Korea has had a solid reputation for cybercrime. And since few North Koreans have access to computers or the Internet, the hand of the sole ruling party inevitably hangs over these high-potential hackers. They are even said to be recruited from an early age and trained to take part in the state-run enterprise. Their capacity to do harm first surfaced in 2014, when Sony Pictures Entertainment studios were hacked by a group calling themselves “peacemakers” to prevent the release of a parody film about North Korean leader Kim Jong Un. Two years later, the group, which had renamed itself the Lazarus Group, targeted the Bangladesh Bank and other financial institutions in the country, but it is above all on the backs of the “little ones” that it thrives, holding individuals and businesses to ransom on a daily basis. The rise of cryptocurrencies in the markets has offered the hackers much more profitable ground.
In Korea, state cybercrime to finance the regime
According to a US military report in 2020, North Korea has a military cyberwarfare unit, “Office 121”. It is said to have 6,000 members, some also operating from abroad, particularly from Belarus, China, India, Malaysia or Russia, and part of its mission is said to be stealing cryptocurrencies to finance the regime, and especially the expensive military research required by Kim Jong Un.
North Korea-linked hackers stole around $400 million worth of cryptocurrencies through cyberattacks in 2021, data analytics platform Chainalysis said in January. The year was marked by the theft of 611 million tokens by hackers who returned a very small part.
At the forefront of the sanctions imposed on North Korea, the United States is very vigilant. On Tuesday, a former Ethereum Foundation researcher was sentenced to five years and three months in prison by a Manhattan court for conspiring to help North Korea evade US sanctions using cryptocurrencies.
Griffith, who has a doctorate from the California Institute of Technology, traveled to North Korea via China in April 2019 to present at the Blockchain and Cryptocurrency Conference in Pyongyang, although the US State Department denied him permission to go, prosecutors say. “The most important feature of blockchains is that they are open. And the Democratic People’s Republic of Korea cannot be ruled out, regardless of what the United States or the United Nations says,” Griffith said during the presentation.