North Korea’s Lazarus Group Accused of Involvement in Axie Infinity Hack
- Investigators identify the North Korean cybercriminal syndicate the Lazarus Group in the Axie Infinity hack.
- $552m was stolen in the Ronin Bridge hack, reportedly the biggest in crypto history.
- North Korean and Russian cybercriminals are among the most prolific in the crypto world.
As interest in digital assets and Web3 continues to grow, the opportunities are plentiful for cybercriminals.
Governments and regulators across several key crypto jurisdictions have raised concerns over the rise in illicit activity.
Such has been the level of scrutiny that the U.S. launched a new FBI crypto unit to tackle cybercrime.
According to recent reports, North Korean and Russian hackers have been the most prolific in crypto-related cybercrime.
North Korean Cybercriminals Implicated in the Axie Infinity Hack
This week, government agencies and Chainalysis confirmed that North Korea’s Lazarus Group was involved in the Ronin hack. As far as crypto hacks go, the Ronin hack is the largest ever, with cybercriminals getting away with $552m.
Since the March hack, Chainalysis has worked closely with U.S. government agencies to trace the missing funds.
This week, the U.S. Treasury Department confirmed the involvement of the Lazarus Group in the Ronin hack. Chainalysis noted that the U.S. government updated its “Specially Designated Nationals and Blocked Persons” List with an Ethereum address linked to the Lazarus Group.
The Lazarus Group is a North Korean cybercriminal syndicate. According to North Korean defector Kim Kuk-song, the unit is the 414 Liaison Office in North Korea.
Before the Ronin hack, the $450m Mt Gox hack was the biggest crypto hack.
North Korean Cybercriminal Syndicates Find Huge Success in Cryptos
In February, news hit the wires of North Korea funding its missile program with stolen crypto.
North Korea illegally amassed more than $400m worth of digital assets last year, according to figures from Chainalysis. Cybercriminals primarily targeted investment firms and centralized exchanges.
The Lazarus Group’s involvement in the Ronin hack could dwarf last year’s reported total.
While North Korea has been actively amassing crypto, Russian cybercriminals have also found success in the crypto world.
In February, FX Empire also reported on ransomware figures for 2021.
Ransomware payments hit $692m in 2020, an upward revision from a $350m estimate. Ransomware payments had stood at $152m in 2019 and just $39m in 2018.
Chainalysis has so far tracked $602m in ransomware payments for 2021. Based on the 2020 estimate and latest numbers, the 2021 figure will likely break the $1bn barrier.
Russian-based Conti illicitly amassed at least $180m from ransomware victims in 2021, the biggest haul, with DarkSide coming in a distant second at less than $100m.
U.S. President Joe Biden has placed DarkSide in Russia. In May 2021, the U.S. government accused DarkSide of a ransomware cyberattack on America’s Colonial Pipeline. The FBI paid a 75 BTC ransom before retrieving 63.7 BTC.
The latest hack will give the White House and government agencies greater impetus to force platforms to run a tighter ship, and will push regulators and government agencies to intensify their scrutiny of digital assets.