With the help of blockchain analysts and FBI agents, the U.S. government seized $30 million worth of cryptocurrency stolen by the North Korean threat group ‘Lazarus’ from the token-based ‘play-to-earn’ game Axie Infinity earlier in the year.
The news about the retrieval was announced during the AxieCon event today, where the hosts highlighted it as a community achievement and the result of a large-scale collaboration between multiple law enforcement authorities and private entities.
This is the first time stolen cryptocurrency has been seized from a North Korean hacking group, and according to a report from Chainalysis, which was actively involved in the retrieval, it won’t be the last.
“Chainalysis Crypto Incident Response team played a role in these seizures, utilizing advanced tracing techniques to follow stolen funds to cash out points and liaising with law enforcement and industry players to quickly freeze funds,” the company reports.
The seized money will gradually move into Axie Infinity’s treasury and back to the players’ community, but the game’s publishers explained this process might take several years.
Lazarus laundering effort
As Chainalysis explains, the North Korean hackers followed a typical five-stage laundering process, laid out below:
Send stolen Ether to intermediary wallets
Mix Ether in batches using Tornado Cash
Swap Ether for Bitcoin
Mix Bitcoin in batches
The recent sanctions imposed by the U.S. Department of the Treasury on Tornado Cash forced Lazarus to use alternatives for the remaining one-third of the stolen funds, using bridges between blockchains to obscure movements.
Chainalysis was able to track this “chain-hopping” and trace all of the attempted crypto swaps, helping law enforcement authorities freeze and retrieve part of the funds.
Lazarus in law enforcement’s crosshairs
The total financial damage caused by Lazarus’ Axie Infinity hack is estimated to be $620 million, so the recovered amount represents only about 5% of that value and 10% of the cryptocurrency amount.
However, the blow for Lazarus is still significant, as it signifies that stolen digital assets aren’t easy to move around, launder, and eventually cash out into fiat money.
Since Lazarus is one of the world’s most sophisticated and skillful threat actors, the message sent by law enforcement has also rippled across the entire DeFi hacking community.
Chainalysis comments that most of the stolen funds from Axie Infinity remain unspent in cryptocurrency wallets, and the threat actor is running out of reliable options for cashing out.
Hence, the New York-based blockchain analysis firm is confident that more seizures and retrievals will follow in the upcoming years.