U.S. ties North Korean hacker group Lazarus to huge cryptocurrency theft

REUTERS/Dado Ruvic/Illustration/File Photo
FILE PHOTO: A representation of cryptocurrency Binance is seen in this illustration taken August 6, 2021.

WASHINGTON (Reuters) – The United States has linked North Korean hackers to the theft of hundreds of millions of dollars’ worth of cryptocurrency tied to the popular online game Axie Infinity, the U.S. Treasury Department said on Thursday.

Ronin, a blockchain network that lets users transfer crypto in and out of the game, said digital cash worth almost $615 million was stolen on March 23.

No one has explicitly assigned blame for the hack, but on Thursday the U.S. Treasury identified a digital currency address used by the hackers as being under the control of a North Korean hacking group often dubbed “Lazarus.”

“The United States is aware that the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust U.S. and U.N. sanctions,” a Treasury Department spokesperson said, using the initials of North Korea’s official name.

The spokesperson warned that those transacting with the wallet risk exposure to U.S. sanctions.

Blockchain analytics firms including Chainalysis and Elliptic said the designation confirmed that North Korea was behind the break-in.

A person familiar with the matter confirmed that North Korean hackers had been the focus of the cybersecurity firm’s investigation for the past couple of weeks.

CrowdStrike, which was hired by Sky Mavis to investigate the breach, also declined comment.

Aleksander Larsen, the co-founder of Sky Mavis, which makes Axie Infinity, declined comment.

A post on the official Ronin blog said that the FBI had attributed the hack to the Lazarus Group and that the U.S. Treasury Department has sanctioned the address that received the stolen funds.

The United States says the Lazarus hacking group is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau. It has been accused of involvement in the “WannaCry” ransomware attacks, hacking of international banks and customer accounts, and the 2014 cyber-attacks on Sony Pictures Entertainment.

The United States is pushing the U.N. Security Council to blacklist the Lazarus Group and freeze its assets, according to a draft resolution reviewed by Reuters on Wednesday.

Hacks have long plagued crypto platforms. The Ronin hack was one of the largest cryptocurrency heists on record.

Sky Mavis said it would use a combination of its own balance sheet funds and $150 million raised from investors including Binance to reimburse the lost money.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” the Ronin blog said. “Expect the bridge to be deployed by end of month.”

The Treasury spokesperson said Washington will look to publish crypto cybersecurity guidelines to aid in the effort to protect against stolen virtual currency. (Reporting by Raphael Satter and Daphne Psaledakis in Washington and Elizabeth Howcroft in London; Editing by Sandra Maler)