The US Treasury Department has argued that the North Korean hacker group Lazarus is linked to the theft of more than $600 million in cryptocurrencies from the Ronin Bridge, which is tied to Axie Infinity.
U.S. in pursuit of North Korean hackers
The US Treasury Department first noted that the hack was related to the Lazarus group. The Treasury has updated its sanctions list to add a cryptocurrency address used during the hack. These updates “confirm that the North Korean hacker group is behind the March hack”, blockchain data company Chainalysis said on Twitter. It is therefore almost impossible for Axie Infinity to recover this money.
The official press release from the US Treasury reads: “Pyongyang, Korea, North; Address of the digital currency – ETH (the address); Risk of secondary sanctions: North Korea Sanctions Regulations, articles 510.201 and 510.210; Transactions prohibited to persons owned or controlled by US financial institutions: North Korea Sanctions Regulations, articles 510.214 [RPDC3]”.
At the time of writing, the wallet mentioned by the US government holds 144,837 ethers, worth $434 million. In 2021, North Korea’s crypto theft was estimated at $400 million.
“The FBI continues to fight hackers, including the threat posed by the Democratic People’s Republic of Korea to the United States and our private sector partners”, the statement said, referring to North Korea by its official name.
“Thanks to our investigation, we were able to confirm that the Lazarus Group and APT38, cyberactors associated with the DPRK, are responsible for the theft of $620 million in ether reported on March 29. The FBI, in coordination with the Treasury and other partners of the US government, will continue to expose and combat these illegal activities of the DPRK, including cybercrime and cryptocurrency theft, to generate income for the regime.”
Tracking down money laundering in crypto
A Treasury spokesman said the department had been working with the FBI to investigate the Lazarus Group, as well as Advanced Persistent Threat 38, another North Korean hacker group.
“The identification of the wallet will make it clear to other venture capitalists that by conducting transactions with it, they risk exposing themselves to US sanctions. This demonstrates the commitment of the Treasury to use all the means available to disrupt hackers and block ill-gotten criminal products”, the spokesman said.
“There may be mandatory secondary sanctions requirements for persons who knowingly engage, directly or indirectly, in money laundering, as well as the counterfeiting of goods or currency, the smuggling of cash or the trafficking of narcotics that support the Government of North Korea or any high-ranking official or person acting for or on behalf of that government.”
The hackers were also responsible for the hacking of Sony Pictures in 2014, according to an old statement from the authorities. North Korea has long denied allegations of orchestrating cyberattacks and cyberheists.
The US authorities who investigated the theft are concerned that these cryptocurrencies can now be laundered and used for war purposes. They could also help lay the foundation for the country’s nuclear program. In this case, too, as with the situation between Russia and Ukraine, we are faced with a hybrid scheme: cyber activity can serve the military purposes of a sovereign nation.
It is important to follow this type of event, first of all to better protect cryptocurrency and blockchain users, but also to prevent money laundering in cryptocurrency, since this type of activity obviously harms the image of cryptocurrencies. Fortunately, the transparency that the blockchain offers makes it easier for authorities to follow up.