US Says North Korean Lazarus Group Carried Out Huge Crypto Theft

The United States has pointed the finger of blame at a notorious North Korean hacking outfit, the Lazarus Group, for the largest-ever cryptocurrency heist.

Last month a gaming-focused blockchain network admitted hackers had stolen over $615m in USDC (a US dollar-pegged stablecoin) and ethereum on 23 March.

Axie Infinity’s Ronin Network made the admission in a blog post. The $615m loss surpasses the $611 million hack of decentralised finance (DeFi) platform Poly Network in August 2021.

Lazarus Group

The Ronin Network supports the popular blockchain game Axie Infinity, which lets users earn money as they play.

In the aftermath of the hack, the Ronin Network said that most of the hacked funds were still in the hacker’s wallet.

This week, however, the US Treasury Department linked the North Korean hackers to the Ronin Network theft, after identifying a digital currency address used by the hackers as being under the control of Lazarus.

“The United States is aware that the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust US and UN sanctions,” a Treasury Department spokesperson was quoted by Reuters as saying.

DPRK stands for Democratic People’s Republic of Korea (i.e. North Korea).

The US Treasury spokesperson warned that those transacting with the wallet risk exposure to US sanctions.

Outside confirmation

Chainalysis tweeted that the US designation confirmed that North Korea was behind the break-in, after the US Treasury’s Office of Foreign Assets Control (OFAC) announced new sanctions and listed the owner of this address as the Lazarus Group.

In January Chainalysis said hackers based in North Korea had stolen nearly $400 million (£292m) in cryptocurrencies during 2021.

Those hackers mainly targeted investment firms and centralised exchanges, using phishing lures, social engineering techniques and technical security exploits to steal funds from “hot” or internet-connected wallets, Chainalysis said earlier this year.

Meanwhile tracing firm Elliptic in a blog post this week also said the US has identified Lazarus as the culprits, and estimated that 14 percent of the stolen funds had already been laundered by Thursday.

North Korean intelligence

Meanwhile an updated post on the official Ronin blog said that the FBI had attributed the hack to the Lazarus Group and that the US Treasury Department had sanctioned the address that received the stolen funds.

The United States says the Lazarus Group is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau.

Lazarus Group is best known for its attacks on Sony Pictures Entertainment in 2014 and for the widespread WannaCry malware attack in May 2017.

The group has also been accused of hacking international banks and customer accounts.

The United States is pushing the UN Security Council to blacklist the Lazarus Group and freeze its assets, according to a draft resolution reviewed by Reuters on Wednesday.

Tom Jowitt
