North Korean hackers are believed to be behind the theft of about $ 620 million (555 million euros) worth of cryptocurrency from the online computer game Axie Infinity. The U.S. Treasury Department and the Federal Bureau of Investigation (FBI) attribute the theft to Lazarus, a hacker group affiliated with the North Korean state.
Axie Infinity is an online computer game where players compete with teams of ‘Axies’ (small, cartoon-like monsters). This allows you to earn cryptocurrencies, which can then be used to strengthen the teams, or which can be paid out. To participate in the game, players must first purchase at least three axes.
also read Web3 looks more and more like the Wild West after the mega hack of this crypto game
In late March, Vietnamese gaming company Sky Mavis, the game’s developer, announced that in the previous days, unknown individuals had secretly managed to divert a total of about $ 620 million in cryptocurrencies from the game. They had managed to steal digital keys from so-called ‘validators’, who have to approve the transactions. A limited number of these keys were sufficient: Axie Infinity had temporarily reduced the number of validators required for a successful transaction after the game’s popularity overloaded the system. “We made compromises that made us vulnerable,” the company behind the game admitted in a blog post. “We have learned a hard lesson.”
Most of the stolen goods came from the cryptocurrency Ethereum, the rest from the dollar-denominated USDC. Measured in dollars, 620 million was the largest known crypto theft to date. The US Treasury Department has retrieved the wallet, the digital wallet in which the booty is stored, and put it on the sanctions list. This means that crypto companies in the United States are no longer allowed to participate in transactions involving this wallet.
That move would make it harder to channel and launder the loot, usually the hardest part of a major crypto theft. According to a recent report by Chainanalysis, a crypto-transaction analysis company, North Koreans still keep hundreds of millions of cryptocurrencies trapped in recent years in their wallets, which they have not yet exchanged for other currencies. Some of that money was already stolen in 2017.
Weapons of mass destruction
The hacker group Lazarus previously became internationally known when it was identified by the FBI as the perpetrator of a digital burglary at the film distributor Sony in 2014, a claim that has never been proven. The hackers stole large amounts of sensitive data, including information on salaries, negotiations with producers, unreleased films and the script for the new James Bond, ghost† The perpetrators allegedly demanded that Sony The interview would retire, a satirical film about a murder plot against North Korean leader Kim Jong-un. North Korea has always denied involvement in the Sony hack.
However, Lazarus is also blamed for several major hacks with financial intent. In 2017, for example, the gang should have managed to digitally break into the central bank of Bangladesh, where hackers tried to divert a total of $ 1 billion in Bengali assets stored in New York.
Such financial cybercrime is a major source of revenue for North Korea, which is subject to severe economic sanctions. According to Chainanalysis’ previous report, North Korean cybercriminals stole crypto for about $ 400 million in 2021 alone, mainly through hacking attacks on crypto exchanges. A 2019 UN report states that the country spends a large portion of its revenue from such cyber attacks on developing missile systems and weapons of mass destruction.