Connect with us

Business

US recovers $30 million stolen from Axie Infinity by Lazarus hackers

Published

on

With the help of blockchain analysts and FBI agents, the U.S. government seized $30 million worth of cryptocurrency stolen by the North Korean threat group ‘Lazarus’ from the token-based ‘play-to-earn’ game Axie Infinity earlier in the year.

The news about the retrieval was announced during the AxieCon event today, where the hosts highlighted it as a community achievement and the result of a large-scale collaboration between multiple law enforcement authorities and private entities.

This is the first time stolen cryptocurrency has been seized from a North Korean hacking group, and according to a Chainalysis report, which had active involvement in the retrieval, it won’t be the last.

“Chainalysis Crypto Incident Response team played a role in these seizures, utilizing advanced tracing techniques to follow stolen funds to cash out points and liaising with law enforcement and industry players to quickly freeze funds,” the company reports.

The seized money will gradually move into Axie Infinity’s treasury and back to the players’ community, but the game’s publishers explained this process might take several years.

Snapshot from today's AxieCon event stream
Snapshot from today’s AxieCon event stream

Lazarus laundering effort

As Chainalysis explains, the Korean hackers followed a typical five-stage laundering process laid down below:

  • Send stolen Ether to intermediary wallets
  • Mix Ether in batches using Tornado Cash
  • Swap Ether for Bitcoin
  • Mix Bitcoin with batches

The recent sanctions imposed by the U.S. Department of the Treasury on Tornado Cash forced Lazarus to use alternatives for the remaining one-third of the stolen funds, using bridges between blockchains to obscure movements.

Chainalysis was able to track this “chain-hopping” and trace all of the attempted crypto swaps, helping law enforcement authorities freeze and retrieve part of the funds.

One of the numerous chain-hopping moves attempted by Lazarus
One of the numerous chain-hopping moves attempted by Lazarus (Chainalysis)

Lazarus in law enforcement’s crosshairs 

The total financial damage caused by Lazarus’ Axie Infinity hack is estimated to be $620 million, so the recovered amount represents only about 5% of that value and 10% of the cryptocurrency amount.

However, the blow for Lazarus is still significant, as it signifies that stolen digital assets aren’t easy to move around, launder, and eventually cash out into fiat money.

Since Lazarus is one of the world’s most sophisticated and skillful threat actors, the message sent by law enforcement has also rippled across the entire DeFi hacking community.

Chainalysis comments that most of the stolen funds from Axie Infinity remain unspent in cryptocurrency wallets, and the threat actor is running out of reliable options for cashing out.

Hence, the New York-based blockchain analysis firm is confident that more seizures and retrievals will follow in the upcoming years.

Source: https://www.bleepingcomputer.com/news/security/us-recovers-30-million-stolen-from-axie-infinity-by-lazarus-hackers/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO