US Says North Korean Lazarus Group Carried Out Huge Crypto Theft


US Treasury Department says the notorious North Korean hacking group Lazarus was behind the largest ever cryptocurrency heist last month

The United States has pointed the finger of blame at a notorious North Korean hacking outfit, the Lazarus Group, for the largest ever cryptocurrency heist.

Last month a gaming-focused blockchain network admitted hackers had stolen over $615m in USDC (a US-dollar-pegged stablecoin) and ether on 23 March.

Axie Infinity's Ronin Network made the admission in a blog post. The $615m loss surpasses the $611m theft from the decentralised finance (DeFi) platform Poly Network in August 2021.

Lazarus Group

The Ronin Network supports the popular blockchain game Axie Infinity, which lets users earn money as they play.

In the aftermath of the hack, the Ronin Network said that most of the hacked funds were still in the hacker’s wallet.

This week the US Treasury Department linked the North Korean hackers to the Ronin Network theft, after it identified a digital currency address used by the hackers as being under the control of Lazarus.

“The United States is aware that the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust US and UN sanctions,” a Treasury Department spokesperson was quoted by Reuters as saying.

DPRK stands for Democratic People’s Republic of Korea (i.e. North Korea).

The US Treasury spokesperson warned that anyone transacting with the sanctioned wallet risks exposure to US sanctions.

Outside confirmation

Chainalysis tweeted that the US designation confirmed North Korea was behind the break-in, after the US Treasury's Office of Foreign Assets Control (OFAC) announced new sanctions and listed the owner of the address as the Lazarus Group.

In January Chainalysis said hackers based in North Korea had stolen nearly $400 million (£292m) in cryptocurrencies during 2021.

Those hackers mainly targeted investment firms and centralised exchanges, using phishing lures, social engineering techniques and technical security exploits to steal funds from “hot” or internet-connected wallets, Chainalysis said earlier this year.

Tracing firm Elliptic, in a blog post this week, also said the US had identified Lazarus as the culprits, and estimated that 14 percent of the stolen funds had already been laundered by Thursday.
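The Treasury warning about transacting with the sanctioned wallet, and the Elliptic estimate of how much has moved on, both rest on the same operation: following transfers outward from a listed address and flagging every counterparty that sits within a few hops of it. The following is an added worked example of that check, written for this page; it is not code from OFAC, Chainalysis, Elliptic or Ronin. All addresses and transfers are constructed placeholders (the real sanctioned address is deliberately not reproduced here), and the `SANCTIONED` set, `TRANSFERS` list and the function names are assumptions for illustration only.

```python
"""Sanctions-exposure screening over an EVM transfer graph.

Added example for this article; not code from OFAC, Chainalysis, Elliptic
or Ronin. Every address below is a constructed placeholder.
"""
from collections import deque
import re

# 0x followed by exactly 20 bytes of hex.
_ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr: str) -> str:
    """Canonicalise an EVM address so a list lookup cannot be defeated by
    letter case (EIP-55 mixed case vs lowercase) or stray whitespace.
    Malformed input raises rather than silently failing to match."""
    a = addr.strip()
    if not _ADDR_RE.match(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a.lower()


# Hypothetical sanctioned address (placeholder, NOT the real OFAC listing).
SANCTIONED = {normalize("0x" + "ab" * 20)}

# Constructed transfers: (from, to, amount in ETH). Placeholder addresses.
TRANSFERS = [
    ("0x" + "ab" * 20, "0x" + "01" * 20, 1000.0),  # direct outflow from the listed wallet
    ("0x" + "01" * 20, "0x" + "02" * 20, 400.0),   # one hop on (e.g. a deposit address)
    ("0x" + "02" * 20, "0x" + "03" * 20, 100.0),   # two hops on
    ("0x" + "cc" * 20, "0x" + "03" * 20, 50.0),    # unrelated funds also reach 0x03..
    ("0x" + "dd" * 20, "0x" + "ee" * 20, 5.0),     # unrelated transfer
]


def build_graph(transfers):
    """Adjacency list: sender -> [(recipient, amount), ...], all normalised."""
    out = {}
    for src, dst, amt in transfers:
        out.setdefault(normalize(src), []).append((normalize(dst), amt))
    return out


def exposure(transfers, sanctioned, max_hops=3):
    """Breadth-first walk outward from every sanctioned address.

    Returns {address: hops} for each address that received funds within
    max_hops transfers of a listed address (1 = received directly). Listed
    addresses themselves are not reported as 'exposed'; they are blocked."""
    graph = build_graph(transfers)
    listed = {normalize(s) for s in sanctioned}
    seen = {}
    queue = deque((s, 0) for s in listed)
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:
            continue  # do not expand beyond the configured depth
        for dst, _amt in graph.get(node, []):
            if dst not in seen and dst not in listed:
                seen[dst] = hops + 1
                queue.append((dst, hops + 1))
    return seen


def screen(counterparty, transfers=TRANSFERS, sanctioned=SANCTIONED, max_hops=3):
    """Decision for one counterparty before transacting with it:
    'blocked' if it is itself listed, 'exposed:<n>' if it sits n hops
    downstream of a listed address, otherwise 'clear'."""
    addr = normalize(counterparty)
    if addr in {normalize(s) for s in sanctioned}:
        return "blocked"
    exposed = exposure(transfers, sanctioned, max_hops)
    return f"exposed:{exposed[addr]}" if addr in exposed else "clear"


if __name__ == "__main__":
    for cp in ("0x" + "AB" * 20, "0x" + "01" * 20, "0x" + "03" * 20, "0x" + "ee" * 20):
        print(cp, "->", screen(cp))
```

Two points a practitioner should carry over from this toy: the normalisation step matters because SDN entries and on-chain data are published in differing case, and a case-sensitive string compare will miss a listed address; and the hop limit is a policy choice, since at depth 3 the constructed recipient `0x03...` is flagged even though most of its balance came from an unrelated source. A real deployment would load the live OFAC SDN digital-currency entries rather than a hard-coded set, and would treat a hit as a trigger for review, not as the whole compliance process.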

North Korean intelligence

An updated post on the official Ronin blog said that the FBI had attributed the hack to the Lazarus Group and that the US Treasury Department had sanctioned the address that received the stolen funds.

The United States says the Lazarus group is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau.

Lazarus Group is best known for its attack on Sony Pictures Entertainment in 2014 and for the widespread WannaCry ransomware outbreak in May 2017.

The group has also been accused of hacking international banks and customer accounts.

The United States is pushing the UN Security Council to blacklist the Lazarus Group and freeze its assets, according to a draft resolution reviewed by Reuters on Wednesday.