North Korea is responsible for the 540 million dollar (500 million euro) “cyberheist” that targeted the Ronin cryptocurrency network at the end of March, the FBI said on Thursday (April 14th). This is the network that underpins Axie Infinity, a video game with millions of players in which you can earn money.
“Through our investigation, we were able to confirm that the Lazarus Group and APT38, online actors associated with North Korea, were responsible for the theft. (…) reported March 29,” the FBI said in a brief statement, which does not provide any tangible evidence to support this claim.
Axie Infinity is a game based on the blockchain, a decentralized digital ledger that cannot be altered. It allows players to earn money in the form of NFTs, which are digital tokens. Created in 2018 by Sky Mavis, a company based in Vietnam, the game is very popular in some countries, especially the Philippines, which accounts for 35% of the traffic and the majority of the 2.5 million daily active players. Sky Mavis made a point of saying it wanted to “thank the police who assisted us in this investigation” and claimed to have begun putting additional security measures in place.
The hackers managed to exploit flaws in the system that converts the game’s electronic money into traditional cryptocurrency, and used them to carry out large fraudulent transactions totaling 173,600 ethers (ETH) and more than 25 million USD Coin (a cryptocurrency whose price is pegged to the US dollar). The firm used a so-called “sidechain” of Ethereum, which allows it to run its own system of internal transactions without going through Ethereum for each of them. The system was thus faster and cheaper, but less secure.
North Korea, specialist in cryptocurrency theft
This theft is one of the biggest “cyberheists” in history, and it would not be surprising if it had been orchestrated by North Korea. Hit for years by heavy sanctions that severely limit its participation in the global economy and financial system, the hermit country uses its state hackers to finance its regime.
Pyongyang is thus thought to have several hundred to several thousand hackers, according to estimates, based in North Korea but also in other Asian countries, particularly China, where access to the Internet is much less restricted.
Lazarus, the name given by the cybersecurity industry to the loose constellation of hacker groups working for North Korea, has been sanctioned and prosecuted on several occasions by the United States. These hackers are accused of having carried out a myriad of attacks targeting South Korea since the mid-2000s, but their first major international coup was the hacking of the Sony Pictures studios, in retaliation for The Interview, a satirical film about North Korea. According to many experts and the US justice system, the Lazarus hackers are also responsible for the WannaCry malware, a ransomware that spread to hundreds of thousands of computers around the world in 2017.
In recent years, North Korean hackers have focused on cryptocurrencies. At the beginning of 2021, the US justice system indicted three members of the Reconnaissance General Bureau, one of the entities of the North Korean military intelligence services, accusing them of having stolen tens of millions of dollars in cryptocurrencies.
Even for these specialized hackers, the amount stolen from the Ronin network is extremely high. The more than 500 million dollars allegedly taken here by the North Korean hackers is a larger sum than everything they stole during the whole of 2021, namely 400 million dollars, according to the cryptocurrency-tracking company Chainalysis.
The hackers behind the theft will now have to deal with one of the main challenges for cryptocurrency thieves: laundering their loot. That is a tall order now that investigators claim to have identified them. The address that the American authorities have determined belongs to the hackers still held, on Friday, the equivalent of more than 445 million dollars (411 million euros) in the cryptocurrency ether.