North Korean Hackers Responsible For The $615 Million Axie Infinity Hack

by Samantha McLauren

The FBI has concluded that the Lazarus Group, North Korea's state-backed hacking unit, is behind one of the largest cryptocurrency thefts to date: the theft of more than $600 million in cryptocurrency last month from the bridge serving Axie Infinity.

"Through our investigation, we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th," the FBI stated. "DPRK" stands for the Democratic People's Republic of Korea, North Korea's official name.

The FBI announcement comes about two weeks after Sky Mavis, the company that created Axie Infinity, disclosed on March 29 that unidentified attackers had stolen the equivalent of roughly $600 million. According to the company, the attackers exploited the Ronin Bridge, the component that lets users move cryptocurrency from one blockchain to another. Bridges are attractive targets because they hold large pools of assets in custody on one chain while issuing matching tokens on the other, so a single compromise can drain everything locked in the contract.

The U.S. Treasury Department ties the Lazarus Group to the North Korean government and has had the group under sanctions. In response to this theft, however, all the department could do was update that designation by adding the specific "wallet," the cryptocurrency address used to cash out the Axie Infinity haul, to its sanctions list. A sanctioned address does not freeze funds on-chain; it obliges U.S. persons, exchanges and other regulated intermediaries to refuse transactions with that address, so it raises the cost of laundering the proceeds rather than recovering them.

Ari Redbord, head of legal and government affairs at TRM Labs, noted that such thefts will keep happening as long as they remain successful and profitable for the attackers.

"A hack of a cryptocurrency business, unlike a retailer, for example, is essentially bank robbery at the speed of the internet and funds North Korea's destabilizing activity and weapons proliferation," Redbord added.

Attention had shifted to Russia

Many cybersecurity analysts have shifted their attention to Russia since the start of the Russia-Ukraine war. North Korean operations never paused, though: North Korean hacking groups have continued to target U.S. media and IT organizations as well as the cryptocurrency and financial technology sectors.

Shane Huntley, who leads Google's Threat Analysis Group, noted that when a targeted Google user has "any link to being involved in Bitcoin or cryptocurrency," the attack is almost always tied to North Korean hackers.

"It seems to be an ongoing strategy for them to supplement and make money through this activity," Huntley added.

Chainalysis confirms North Korean ties

Blockchain analytics firm Chainalysis independently confirmed the attribution, tweeting that the sanctions update ties the Ronin Bridge theft to North Korea.

“Updates to OFAC’s SDN designation for Lazarus Group confirm that the North Korean cybercriminal group was behind the March hack of Ronin Bridge, in which over $600 million worth of ETH and USDC was stolen,” Chainalysis wrote.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by end of the month,” Axie Infinity noted. With the stolen funds now in the hands of the North Korean regime, the chances of recovering them are slim at best.