“Through our investigation, we were able to confirm that Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million from Ethereum reported on March 29,” the FBI said in a statement. “DPRK” is an abbreviation of the official name of North Korea, the Democratic People’s Republic of Korea, and Ethereum is a technology platform associated with a type of cryptocurrency.
The FBI was referring to the recent hack of a computer network used by Axie Infinity, a video game that allows players to earn cryptocurrency. Sky Mavis, the company that created Axie Infinity, announced on March 29 that unidentified hackers had stolen the equivalent of approximately $600 million – valued at the time of the hack’s discovery – on March 23 from a “bridge”, or network that allows users to send cryptocurrency from one blockchain to another.
The US Treasury Department on Thursday sanctioned the Lazarus Group, a wide range of hackers suspected of working on behalf of the North Korean government. The Treasury sanctioned the specific “wallet”, or cryptocurrency address, that was used to withdraw money from the Axie Infinity hack.
Cyberattacks have been a major source of revenue for the North Korean regime for years as its leader, Kim Jong Un, has continued to seek nuclear weapons, according to a United Nations panel and outside cybersecurity experts.
North Korea last month fired what is believed to be its first intercontinental ballistic missile in more than four years.
The Lazarus Group has stolen around $1.75 billion worth of cryptocurrency in recent years, according to Chainalysis, a firm that tracks digital currency transactions.
“A hack of a cryptocurrency company, unlike a retailer, for example, is essentially an internet-speed bank robbery and funds North Korea’s destabilizing activity and weapons proliferation,” said Ari Redbord, head of legal affairs at TRM Labs, a company which investigates financial crime. “As long as they’re successful and profitable, they won’t stop.”
While many cybersecurity analysts have focused on Russian hacking in light of the war in Ukraine, suspected North Korean hackers are far from silent.
Last month, Google researchers revealed two alleged North Korean hacking campaigns targeting US media and IT organizations, as well as the cryptocurrency and fintech sectors.
Google has a policy of notifying users who are targeted by state-sponsored hackers.
Shane Huntley, who heads Google’s Threat Analysis Group, said that if a Google user has “a connection to bitcoin or cryptocurrency involvement” and receives a warning from Google about state-sponsored hacking, it almost always turns out to be North Korean activity.
“It seems like an ongoing strategy for them to supplement and make money from this business,” Huntley told CNN.