US Says North Korean Hackers Behind Axie Infinity Multi-Million Dollar Crypto Heist

Aldgra Fredly

The United States said Thursday that North Korean hacking group Lazarus was responsible for the multi-million dollar cryptocurrency heist of Axie Infinity, a game in which players can earn crypto through gameplay.

“Through our investigation, we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29,” the FBI said in a statement, using the acronym for North Korea’s official name.
The U.S. Treasury Department updated its “Specially Designated Nationals List” to include the currency address that received the stolen funds and linked it to the Lazarus Group. The sanctions prohibit U.S. persons and entities from transacting with the listed address.
Ronin Network, the blockchain backing the popular crypto game Axie Infinity, said in a Thursday update that it will deliver a comprehensive post-mortem report by the end of the month.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risks. [We] expect the bridge to be deployed by the end of the month,” it stated.

According to blockchain analytics group Chainalysis, Lazarus is led by North Korea’s primary intelligence agency, the Reconnaissance General Bureau. The hacking group first gained notoriety from its alleged involvement in the Sony Pictures and WannaCry cyberattacks.

It stated that the group has stolen and laundered “massive sums of virtual currencies every year, typically in excess of $200 million” since 2018.
“The United States is aware that the DPRK has increasingly relied on illicit activities—including cybercrime—to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust U.S. and U.N. sanctions,” a Treasury Department spokesperson told Reuters.
On March 29, Ronin claimed that it lost 173,600 ethers (Ethereum tokens), which are worth about $589 million, and $25.5 million of USD Coin, which is considered a “stablecoin” and is pegged to the U.S. dollar.

It stated that the validator nodes for Sky Mavis—the operator of Ronin and Axie Infinity—and for Axie DAO (a decentralized autonomous organization) were compromised on March 23. The attack was discovered on March 29 after a user reported being unable to withdraw Ethereum funds from the bridge.

“In order to recognize a deposit event or a withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO,” Ronin said.

While the nine validator nodes are set up to be decentralized to limit such attacks, Ronin said the attacker “found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
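The five-of-nine rule counts keys, not independent operators. The sketch below is an added illustration, not code from Ronin or from this report: it audits a validator set for the smallest number of operators whose compromise yields a quorum. The four "other" validators, their operator names and the key-to-operator mapping are assumptions made for the example.

```python
from itertools import combinations

THRESHOLD = 5  # signatures required, per Ronin's statement (five of nine)


def build_validators(dao_signable_via_sky_mavis):
    """Map each validator key to the operators able to produce its signature."""
    # Four validators run by Sky Mavis, as stated in the report.
    validators = {f"sky-mavis-{i}": {"Sky Mavis"} for i in range(1, 5)}
    # The Axie DAO validator: optionally also reachable through Sky Mavis
    # infrastructure, as with the gas-free RPC node path Ronin described.
    dao_paths = {"Axie DAO"}
    if dao_signable_via_sky_mavis:
        dao_paths.add("Sky Mavis")
    validators["axie-dao-1"] = dao_paths
    # Assumption: the remaining four validators each have their own operator.
    for i in range(1, 5):
        validators[f"other-{i}"] = {f"Operator {i}"}
    return validators


def signatures_obtainable(validators, compromised):
    """Count validator keys for which a compromised operator can sign."""
    return sum(1 for paths in validators.values() if paths & compromised)


def min_operators_for_quorum(validators, threshold=THRESHOLD):
    """Return the smallest operator set that reaches the signing threshold."""
    operators = sorted(set().union(*validators.values()))
    for size in range(1, len(operators) + 1):
        for combo in combinations(operators, size):
            if signatures_obtainable(validators, set(combo)) >= threshold:
                return list(combo)
    return None


if __name__ == "__main__":
    for label, shared in (("independent DAO key", False),
                          ("DAO key signable via Sky Mavis", True)):
        result = min_operators_for_quorum(build_validators(shared))
        print(f"{label}: quorum needs {len(result)} operator(s): {result}")
```

With the shared signing path, the nominal five-of-nine threshold reduces to a single operator, which is the concentration a bridge operator would want such an audit to flag before deployment.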

The Ronin bridge and Katana Dex, the Ronin decentralized exchange, have also been halted as a security measure as investigations continue.

Katabella Roberts contributed to this report.