27 Apr Crypto Robbery, more than $600 Million Stolen
North Korean hackers allegedly stole more than $600 million in bitcoin in a single attack.
The FBI blamed North Korean government hackers on April 14 for stealing more than $600 million in bitcoin from a video game company last month, the latest in a succession of daring cyber heists linked to Pyongyang.
“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK (North Korea), are responsible for the theft of $620 million in Ethereum reported on March 29th.” (FBI Statement)
The FBI referred to the recent hack of Axie Infinity’s computer network, which allows gamers to earn cryptocurrency. Unidentified hackers stole the equivalent of about $600 million — estimated at the time of the hack’s detection — on March 23 from a “bridge,” or network that allows users to transmit cryptocurrency from one blockchain to another, according to Sky Mavis, the business that produced Axie Infinity.
The US Treasury Department sanctioned Lazarus Group, a large group of hackers suspected of working for the North Korean government, on April 14. The Treasury Department also sanctioned the precise “wallet,” or bitcoin address, that was used to cash out on the Axie Infinity hack.
According to a United Nations panel and independent cybersecurity experts, cyberattacks have been a significant source of cash for the North Korean state for years as its leader, Kim Jong Un, pursued nuclear weapons.
North Korea is reported to have launched its first intercontinental ballistic missile in more than four years last month.
According to Chainalysis, a company that records digital currency transactions, the Lazarus Group has stolen an estimated $1.75 billion in cryptocurrencies in recent years.
“A hack of a cryptocurrency business, unlike a retailer, for example, is essentially bank robbery at the speed of the internet and funds North Korea’s destabilizing activity and weapons proliferation.” (Ari Redbord, head of legal affairs at TRM Labs)
While much of the focus of cybersecurity specialists has been on Russian hacking in the wake of the Ukraine conflict, alleged North Korean hackers have been far from silent.
Last month, Google researchers revealed two suspected North Korean cyber attempts aimed at US media and IT businesses and the bitcoin and financial technology industries.
Google notifies users who are targeted by state-sponsored hackers.
If a Google user has “any link to being active in Bitcoin or cryptocurrencies” and receives a warning from Google about state-backed hacking, it nearly invariably turns out to be North Korean activity, according to Shane Huntley, who leads Google’s Threat Analysis Group.