(San Francisco) A North Korea-linked hacker group is responsible for the theft of $620 million worth of cryptocurrency that followed the Axie Infinity video game hack in late March, U.S. authorities said on Thursday.
Posted on April 14th
“Through our investigation, we were able to confirm that the Lazarus Group and APT38, online actors linked to North Korea, were responsible for the reported March 29 reported $620 million worth of Ethereum theft,” the FBI said in an explanation.
The Ronin network, used for the online game Axie Infinity, was the victim of one of the largest cryptocurrency computer attacks.
Axie Infinity is a blockchain-based game, a decentralized digital ledger that cannot be changed. It allows you to earn money in the form of NFTs, digital tokens.
Developed in 2018 by Sky Mavis, a Vietnam-based company, the game has exploded in developing countries. Around 35% of traffic and the majority of the 2.5 million daily active players are from the Philippines.
In the cyber attack on Axie Infinity, hackers exploited vulnerabilities in the structure put in place by Sky Mavis.
The company therefore used a so-called “lateral” blockchain to Ethereum, which allows it to manage its own system of internal transactions without resorting to Ethereum for each of them. The system was faster and cheaper, but less secure.
It is this ancillary system that has been hacked, allowing hackers to appropriate the funds collected from players.
According to a US military report from 2020, North Korea’s cyber warfare unit “Office 121” has 6,000 members who also operate from overseas, including Belarus, China, India, Malaysia or Russia.
John Bambenek, a threat hunter at Netenrich, a computer security firm, says the fact that North Korea has groups dedicated to stealing cryptocurrency is “unique”.
“Since North Korea is heavily sanctioned, stealing cryptocurrency for them is a matter of national security interest,” the expert said.
Sanctioned by the United States in 2019, the Lazarus Group rose to notoriety in 2014 when they were accused of hacking into the Sony Pictures Entertainment studios in retaliation for the satirical film about North Korea, The Killing Interview! “.
Hackers linked to North Korea had stolen around $400 million worth of cryptocurrencies through cyberattacks in 2021, data analysis platform Chainalysis claimed in January.