FBI Says North Korea Behind Biggest Crypto Theft in History Against Axie Infinity

FBI Says North Korea Behind Biggest Crypto Theft in History Against Axie Infinity
Kim Jong Un, second right, cuts the ribbon during an inauguration ceremony of Pothong riverside terraced residential district in Pyongyang, North Korea on April 13, 2022. (Photo: Korean Central News Agency/Korea News Service, AP)

The hackers behind the March 23 theft of roughly $US625 ($868) million worth of cryptocurrency from the Ronin blockchain are based in North Korea, according to a new announcement from the FBI. The federal law enforcement agency claims the Lazarus Group, North Korea’s most notorious hacker gang, is laundering the money for Kim Jong Un’s regime and the U.S. Treasury is working to stop the flow of funds however it can.

“The FBI continues to combat malicious cyber activity including the threat posed by the Democratic People’s Republic of Korea to the U.S. and our private sector partners. Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $US620 ($861) million in Ethereum reported on March 29th,” the FBI said in a statement late Thursday.

“The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK’s use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime,” the FBI statement continued.

The hackers made off with about 173,600 ether, according to the Ronin Network, and 25.5 million USDC, a stablecoin pegged to the U.S. dollar. Lazarus Group has allegedly been behind the theft of over $US1 ($1) billion in crypto and cash over the years, becoming a successful source of revenue for North Korea’s heavily sanctioned economy.

The U.S. Treasury has sanctioned the address that received the stolen crypto, but it’s currently being laundered through Tornado Cash, a service that allows people to obfuscate where crypto has come from. The hackers who stole $US34 ($47) million from Crypto.com back in January also used Tornado Cash and it’s not clear whether federal authorities are trying to get it shut down.

The theft, believed to be the largest in crypto history, exploited a vulnerability in the Ronin network, which runs the incredibly popular NFT game Axie Infinity. Somehow, the hack wasn’t noticed by the folks at Ronin until six days later.

The Axie Infinity game is a so-called play-to-earn model where players must first buy NFTs of cartoon characters which they can then use to earn crypto by playing games for hours on end. The game is incredibly popular in the Philippines where it became a stream of income for people during covid-19 pandemic lockdowns.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” Ronin Network said in a statement on Thursday.

“Expect the bridge to be deployed by end of month. Security comes first. The timeline is subject to change based on the implementation time of several security measures,” the statement continued.


Editor’s Note: Release dates within this article are based in the U.S., but will be updated with local Australian dates as soon as we know more.