Lazarus Group Behind $540M Axie Infinity Crypto Hack & Chemicals Sector Attacks

The US Treasury Department has implicated the North Korean-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from the Ronin Network of the Axie Infinity video game last month.

On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned it by adding the address to the Office of Foreign Assets Control's (OFAC) Specially Designated Nationals (SDN) List.

“The FBI, in coordination with the Treasury and other U.S. government partners, will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” the law enforcement agency said in a statement.

The cryptocurrency heist, the second-largest cryptocurrency theft to date, involved the siphoning of 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) on March 23, 2022 from the Ronin cross-chain bridge, which allows users to transfer their digital assets from one blockchain to another.

“The attacker used hacked private keys in order to forge fake withdrawals,” Ronin Network explained in its disclosure report, published a week after the incident came to light.


The sanctions prohibit U.S. individuals and entities from transacting with the address in question, with the aim of preventing the state-sponsored group from cashing out the funds. An analysis by Elliptic revealed that the actor had already laundered 18% of the stolen digital assets (approximately $97 million) as of April 14.

“First, the stolen USDC was exchanged for ETH via decentralized exchanges (DEX) to prevent it from being seized,” Elliptic noted. “By converting the tokens on DEXs, the hacker avoided anti-money laundering (AML) and ‘know your customer’ (KYC) checks performed on centralized exchanges.”

Nearly $80.3 million of the laundered funds passed through Tornado Cash, a mixing service on the Ethereum blockchain designed to obscure the trail of funds, with an additional $9.7 million in ETH likely to be laundered in the same way.
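The practical consequence of the SDN listing described above is that any U.S. service touching Ethereum has to screen transactions against the listed address before processing them. The following is an added example, not code from the article or from any of the organisations it cites, of such a screening check. It uses a constructed placeholder address in place of the real listed one and constructed sample transactions; the point it demonstrates is that the match must be done on a normalised form, because the same address can appear as lowercase hex or as a mixed-case EIP-55 checksum string, and that internal token transfers, not just the top-level sender and recipient, need to be screened.

```python
import re

# Hypothetical, constructed SDN entry. The real OFAC-listed address is
# deliberately not reproduced here; load the actual list in production.
SANCTIONED_ADDRESSES = {
    "0x000000000000000000000000000000000000Bad0",
}

_ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr: str) -> str:
    """Canonical form of an Ethereum address: trimmed, lowercase hex.

    EIP-55 checksummed (mixed-case) and plain lowercase spellings denote the
    same 20-byte account, so a plain string comparison would miss one of them.
    """
    addr = addr.strip()
    if not _ADDR_RE.match(addr):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return addr.lower()


SANCTIONED = {normalize(a) for a in SANCTIONED_ADDRESSES}


def counterparties(tx: dict) -> set:
    """Every account a transaction moves value to or from, including the
    token transfers (e.g. USDC) and internal calls it caused."""
    parties = {tx.get("from"), tx.get("to")}
    for transfer in tx.get("transfers", []):
        parties.add(transfer.get("from"))
        parties.add(transfer.get("to"))
    return {normalize(p) for p in parties if p}


def screen_transaction(tx: dict) -> dict:
    """Decide whether a transaction may be processed.

    Returns a dict with 'blocked' and the sorted list of matching addresses,
    so the caller can both refuse the transaction and record why.
    """
    hits = sorted(counterparties(tx) & SANCTIONED)
    return {"hash": tx["hash"], "blocked": bool(hits), "matches": hits}


def naive_screen(tx: dict) -> bool:
    """The mistake this example warns about: exact, case-sensitive match on
    the top-level 'to' only. Kept for comparison, do not use."""
    return tx.get("to") in SANCTIONED_ADDRESSES


# Constructed sample transactions (not real chain data).
SAMPLE_TXS = [
    {   # direct transfer to the listed address, spelled in lowercase
        "hash": "0xaaa1", "from": "0x1111111111111111111111111111111111111111",
        "to": "0x000000000000000000000000000000000000bad0", "transfers": [],
    },
    {   # top-level call to a DEX router; the listed address only appears in
        # the token transfer the router performs
        "hash": "0xaaa2", "from": "0x2222222222222222222222222222222222222222",
        "to": "0x3333333333333333333333333333333333333333",
        "transfers": [{"token": "USDC",
                       "from": "0x000000000000000000000000000000000000Bad0",
                       "to": "0x3333333333333333333333333333333333333333"}],
    },
    {   # unrelated transaction
        "hash": "0xaaa3", "from": "0x4444444444444444444444444444444444444444",
        "to": "0x5555555555555555555555555555555555555555", "transfers": [],
    },
]


def screen_all(txs=SAMPLE_TXS) -> dict:
    """Map transaction hash -> screening decision for a batch."""
    return {tx["hash"]: screen_transaction(tx) for tx in txs}


if __name__ == "__main__":
    for h, decision in screen_all().items():
        print(h, "BLOCKED" if decision["blocked"] else "ok", decision["matches"])
```

Run against the samples, the first two transactions are blocked and the third passes; the `naive_screen` variant misses both, once because of case and once because the listed address never appears at the top level of the transaction.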

Lazarus Group, an umbrella name for the prolific state-sponsored actors operating on behalf of North Korean strategic interests, has a history of stealing cryptocurrency since at least 2017 to circumvent sanctions and fund the country's nuclear and ballistic missile programs.

“The country’s espionage operations are believed to reflect the immediate concerns and priorities of the regime, which is currently likely focused on acquiring financial resources through crypto heists, targeting of media, news and political entities, [and] foreign relations and nuclear information,” Mandiant said in a recent in-depth analysis.

The United States Cybersecurity and Infrastructure Security Agency (CISA) has described the group's cyber actors as increasingly sophisticated, having developed and deployed a wide range of malicious tools around the world to facilitate these activities.

The group is known to have plundered around $400 million in digital assets from crypto platforms in 2021, a 40% jump from 2020, according to Chainalysis, which found that “only 20% of funds stolen were Bitcoin, [and that] Ether accounted for the majority of stolen funds at 58%.”

Despite punishments imposed by the US government on the hacking collective, recent campaigns undertaken by the group have capitalized on trojanized decentralized finance (DeFi) wallet applications to hijack Windows systems and divert funds from unsuspecting users.

That’s not all. In another cyber offensive revealed by Broadcom-owned Symantec this week, the actor was observed targeting South Korean organizations operating in the chemical sector, in what appears to be a continuation of a malware campaign dubbed “Operation Dream Job,” corroborating findings from Google’s Threat Analysis Group in March 2022.


The intrusions, detected in January, began with a suspicious HTM file, received as a link in a phishing email or downloaded from the Internet, which, when opened, triggers an infection sequence that ultimately retrieves a second-stage payload from a remote server to facilitate further forays.

The purpose of the attacks, Symantec said, is “to obtain intellectual property to further North Korea’s own pursuits in this area.”

The continued onslaught of illicit activities perpetrated by the Lazarus Group has also led the US State Department to announce a $5 million reward for “information that leads to the disruption of the financial mechanisms of individuals engaged in certain activities that support North Korea.”

The development comes days after a U.S. court in New York sentenced Virgil Griffith, a 39-year-old former Ethereum developer, to five years and three months in prison for helping North Korea use virtual currencies to evade sanctions.

To make matters worse, malicious actors stole $1.3 billion worth of cryptocurrency in the first three months of 2022 alone, compared to $3.2 billion looted in all of 2021, indicating a “skyrocketing increase” in thefts from crypto platforms.

“Nearly 97% of all cryptocurrency stolen in the first three months of 2022 was taken from DeFi protocols, compared to 72% in 2021 and only 30% in 2020,” Chainalysis said in a report published this week.

“For DeFi protocols in particular, however, the biggest thefts are usually due to faulty code. Code exploits and flash loan attacks — a type of code exploit involving the manipulation of cryptocurrency prices — accounted for much of the stolen value outside of the Ronin attack,” the researchers said.
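The price-manipulation mechanism behind the flash loan attacks Chainalysis refers to is easy to show with a toy model. What follows is an added illustration, not code from the article or from any protocol it mentions: a constructed constant-product (x*y=k) pool with no fees, a simulated attacker who borrows a large amount of one token, pushes the pool's spot price with a single swap, and then reverses the swap, and a collateral valuation that reads that spot price versus one that rejects prices deviating too far from an independent reference. The reserves, loan size and 10% deviation threshold are arbitrary values chosen for the example.

```python
class ConstantProductPool:
    """Toy x*y=k automated market maker holding tokens A and B (no fees)."""

    def __init__(self, reserve_a: float, reserve_b: float):
        self.a = float(reserve_a)
        self.b = float(reserve_b)

    def spot_price_a_in_b(self) -> float:
        """Marginal price of one A expressed in B, as a naive on-chain oracle
        would read it straight from the reserves."""
        return self.b / self.a

    def swap_b_for_a(self, amount_b: float) -> float:
        """Sell amount_b of B into the pool, receive A; returns A received."""
        k = self.a * self.b
        new_b = self.b + amount_b
        out_a = self.a - k / new_b
        self.a, self.b = self.a - out_a, new_b
        return out_a

    def swap_a_for_b(self, amount_a: float) -> float:
        """Sell amount_a of A into the pool, receive B; returns B received."""
        k = self.a * self.b
        new_a = self.a + amount_a
        out_b = self.b - k / new_a
        self.a, self.b = new_a, self.b - out_b
        return out_b


def value_collateral_spot(amount_a: float, pool: ConstantProductPool) -> float:
    """Vulnerable valuation: trusts the pool's current spot price."""
    return amount_a * pool.spot_price_a_in_b()


def value_collateral_guarded(amount_a: float, pool: ConstantProductPool,
                             reference_price: float,
                             max_deviation: float = 0.10) -> float:
    """Valuation that refuses a spot price deviating more than max_deviation
    from an independent reference (e.g. a time-weighted average or an
    off-chain oracle). Raises instead of silently mispricing."""
    spot = pool.spot_price_a_in_b()
    if abs(spot - reference_price) / reference_price > max_deviation:
        raise ValueError(f"spot {spot:.4f} deviates from reference "
                         f"{reference_price:.4f} by more than {max_deviation:.0%}")
    return amount_a * spot


def simulate_flash_loan_manipulation(reserve_a: float = 1000.0,
                                     reserve_b: float = 1000.0,
                                     loan_b: float = 1000.0,
                                     collateral_a: float = 100.0) -> dict:
    """Single-transaction sequence an attacker runs with a flash loan of B.

    1. Borrow loan_b of B (repaid at the end of the same transaction).
    2. Dump it into the pool for A: reserve of A shrinks, spot price of A rises.
    3. A lending protocol that reads the spot price now overvalues the
       attacker's A collateral.
    4. Sell the A back, restoring the pool, and repay the loan.
    """
    pool = ConstantProductPool(reserve_a, reserve_b)
    reference = pool.spot_price_a_in_b()          # price before the attack

    price_before = pool.spot_price_a_in_b()
    honest_value = value_collateral_spot(collateral_a, pool)

    received_a = pool.swap_b_for_a(loan_b)        # step 2
    price_during = pool.spot_price_a_in_b()
    inflated_value = value_collateral_spot(collateral_a, pool)   # step 3
    try:
        value_collateral_guarded(collateral_a, pool, reference)
        guarded_rejected = False
    except ValueError:
        guarded_rejected = True

    returned_b = pool.swap_a_for_b(received_a)    # step 4
    price_after = pool.spot_price_a_in_b()

    return {
        "price_before": price_before,
        "price_during": price_during,
        "price_after": price_after,
        "inflation_factor": inflated_value / honest_value,
        "loan_repaid": returned_b >= loan_b,      # no fees, so round trip is free
        "guarded_rejected": guarded_rejected,
    }


if __name__ == "__main__":
    for key, val in simulate_flash_loan_manipulation().items():
        print(f"{key}: {val}")
```

With equal reserves of 1000 A and 1000 B, a 1000 B swap drives the spot price of A from 1 to 4, so a protocol reading the pool directly values the attacker's collateral at four times its real worth, while the guarded valuation rejects the reading. After the reverse swap the price is back at 1 and the loan is repaid in full; in a real pool the attacker pays fees and slippage, which is why the borrowed amount has to be large and why the profit comes from the protocol that trusted the manipulated price, not from the pool itself.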
