The cryptocurrency space is riddled with many problems, and one big issue is the amount of theft, fraud, and security breaches that occur.

In March 2022, the Ronin Network, a sidechain built for the popular play-to-earn game Axie Infinity, was hacked by the North Korean-linked hacking group Lazarus Group. At the time, the Ronin Network explained that the security breach resulted in the theft of 173,600 Ethereum and $25.5 million in USDC ($625 million in total) after the attacker used hacked private keys to forge fake withdrawals.
Chainalysis, an American blockchain analysis firm, took to its blog to explain how it assisted the US government in recovering the stolen funds and how the money was laundered. The Lazarus Group gained access to five of nine private keys held by transaction validators for the Ronin Network's cross-chain bridge, and with these keys, the hackers approved two withdrawal transactions - the 173,600 Ethereum and $25.5 million in USDC.
The funds were then transferred to more than 12,000 different cryptocurrency addresses, but were tracked by Chainalysis, which has boiled down the hackers' laundering process to just five stages.
- Stolen Ether sent to intermediary wallets
- Ether mixed in batches using Tornado Cash
- Ether swapped for bitcoin
- Bitcoin mixed in batches
- Bitcoin deposited to crypto-to-fiat services for cashout

With the assistance of Chainalysis tracing the funds across the thousands of wallet addresses, the FBI was able to seize $30 million of the stolen funds, which represents approximately 10% of the total funds stolen from Axie Infinity when accounting for price differences between the time it was stolen and seized.
It was only last month that the US Treasury Department sanctioned the virtual currency mixer Tornado Cash, which was stage two in the North Korean-backed hacking group's laundering strategy, as the feds discovered the platform had been used to launder more than $7 billion worth of virtual currency since it was created in 2019. Of that $7 billion, $455 million was connected to the Axie Infinity hack.

Ronin Network explained via Twitter that it will take some time before the funds are returned to the Treasury, with the remainder of the funds still being locked in accounts held by the hacking group. Furthermore, Ronin Network said it looks forward to working with the feds to recover the remaining funds.