Double exposure of hacker working with laptop and flag of North Korea. Threat of cyber attack — Photo

Law enforcement agencies recover $30M worth of assets from North Korean hackers

Security outfits have recovered nearly $30 million from rogue hackers operating out of North Korea. The seizure of digital assets makes up around 10% of the stolen funds from Ronin, a sidechain supporting the popular Play-to-Earn game Axie Infinity.  

Analytics firm Chainalysis disclosed in a blog post that it played a crucial role in recovering the funds while collaborating with law enforcement agencies. The blog post identified Lazarus as the group behind the attack on Ronin and noted that the development was the first time in history that funds have been recovered from a North Korean hacking group.

“We have proven that with the right blockchain analysis tools, world-class investigators and compliance professionals can collaborate to stop even the most sophisticated hackers and launderers,” read the blog post. “There is still work to be done, but this is a milestone in our efforts to make the cryptocurrency ecosystem safer.”

Chainalysis revealed the process that led to the recovery of the stolen funds after the $600 million hack in June. Erin Plante, senior director of investigations, remarked during Axie Infinity’s AxieCon that Lazarus obtained access to five out of nine private keys of Ronin Network validators to breach the network and steal the fund in two major transactions.

To launder the funds, Lazarus used over 12,000 different addresses, which Plante says “demonstrates the hackers’ highly sophisticated laundering capabilities.” Chainalysis observed that the stolen Ether was mixed using Tornado Cash, swapped for bitcoin, and mixed again before being “deposited in crypto-to-fiat services for cashout.”

Plante noted that despite the advanced on-chain surveillance employed by Chainalysis, “these seizures would not have been possible without collaboration across the public and private sectors.”

Tightening the noose for bad actors in the ecosystem

For years, hackers have wreaked havoc in the cryptoverse with brazen attacks on decentralized finance (DeFi) protocols and similar platforms. Billions have been lost to these security breaches, eroding investors’ faith in the viability of digital assets.

However, law enforcement agents have begun fighting back, and the recent sanctions slammed on Tornado Cash by the United States Treasury Department send a strong signal of their resolve.

While crime in the industry is in a general state of decline, the activities of hackers are at an all-time high, with social media accounts also falling victim to their antics. In the last few months, a series of convictions have been obtained against scammers and operators of Ponzi schemes in the virtual assets industry.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups from BitMEX to BinanceBitcoin.comBlockstreamShapeShiftCoinbaseRipple,
EthereumFTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]