A group of hackers linked to North Korea is responsible for the theft of 620 million dollars (573 million euros) in cryptocurrencies that followed the hacking of the video game Axie Infinity at the end of March, US authorities alleged on Thursday.
“Through our investigation, we were able to confirm that the Lazarus Group and APT38, online actors associated with North Korea, were responsible for the theft of $620 million in ethereum reported on March 29,” the FBI said in a press release, without giving any details.
The Ronin network, used for the online game Axie Infinity, was the victim of one of the biggest computer attacks involving cryptocurrencies. Axie Infinity is a game based on blockchain, a decentralized digital ledger that cannot be changed. It allows players to earn money in the form of NFTs, digital tokens, without the mediation of banks.
Created in 2018 by Sky Mavis, a firm based in Vietnam, the game Axie Infinity has exploded in developing countries. Around 35% of traffic and the majority of the 2.5 million daily active players are based in the Philippines. The hackers exploited weaknesses in the structure put in place by Sky Mavis. The firm used a so-called “side” blockchain (sidechain) attached to Ethereum, which allows it to run its own internal transaction system without resorting to Ethereum for each transaction. The system was thus faster and cheaper, but less secure. It is this side system that was hacked, allowing the hackers to appropriate the amounts raised by players.
“Today, the FBI attributed the North Korea-based Lazarus Group to the Ronin validator security breach,” the network said in updates. The US government, specifically the Treasury Department, sanctioned the address that received the stolen funds, it added. The Lazarus Group and the names of the networks affiliated with it – “Appleworm”, “the new romantic cyber army team”, “zinc”, or even “APT-C-26” – have been included by the US Treasury on the list of parties with which any transaction is prohibited.
For years, North Korea has earned a solid reputation in cybercrime. And since few North Koreans have access to computers or the Internet, the hand of the single ruling party inevitably hangs over these very high-potential hackers. They are reportedly recruited from an early age and trained to take part in the state enterprise. Their capacity to do harm came to light in 2014, when Sony Pictures Entertainment studios were hacked by a group calling itself “Guardians of Peace” to prevent the release of a spoof film about North Korean leader Kim Jong Un. Two years later, the group, which had renamed itself Lazarus Group, targeted the Bangladesh Bank and other financial institutions in the country, but it is above all on the backs of the “little ones” that it thrives, extorting ransoms from individuals and businesses on a daily basis. As cryptocurrencies soared in the markets, they offered the group much more lucrative ground.
In North Korea, state cybercrime to finance the regime
According to a US military report in 2020, North Korea has a military cyber warfare unit, “Bureau 121”. It reportedly has 6,000 members who also operate from abroad, notably from Belarus, China, India, Malaysia or Russia, and part of its mission is said to be stealing cryptocurrencies to finance the regime, and in particular the costly military research demanded by Kim Jong Un.
Hackers linked to North Korea stole around $400 million in cryptocurrencies through cyberattacks in 2021, data analytics platform Chainalysis claimed in January. The year was marked by the theft of 611 million in tokens by hackers who returned a tiny part of it.
As the spearhead of the sanctions imposed on North Korea, the United States is very vigilant. On Tuesday, a former Ethereum Foundation researcher was sentenced to five years and three months in prison by a Manhattan court for conspiring to help North Korea evade US sanctions by using cryptocurrencies.
Griffith, who has a doctorate from the California Institute of Technology, traveled to North Korea via China in April 2019 to present at the Pyongyang Blockchain and Cryptocurrency Conference, although the US State Department had denied him permission to go, prosecutors say. “The most important feature of blockchains is that they are open. And the Democratic People’s Republic of Korea cannot be left out no matter what the United States or the UN says,” Griffith said during the presentation.