The U.S. Treasury Department has tied the North Korean hacking group Lazarus to the theft of more than $600 million in cryptocurrency from a software bridge used for the popular Axie Infinity play-to-earn game.
The department added an Ethereum wallet address tied to the group to its sanctions list on Thursday. More than $86 million of the stolen cryptocurrency from the Ronin bridge has moved from the wallet through a service called Tornado Cash that allows anonymous token transfers, data show.
The Treasury, according to a spokesperson, worked with the FBI to find the wallet, the use of which could expose other virtual currency users to the threat of U.S. sanctions.
The FBI said in a statement that an investigation had determined that the hacking outfits Lazarus Group and APT38, both associated with North Korea, were behind the theft. The bureau added that such crimes generate revenue for the North Korean regime.
The Treasury spokesperson, speaking on condition of anonymity, said secondary sanctions could be imposed on anyone who tries to support the regime of Kim Jong Un through money laundering, the counterfeiting of goods or currency, bulk cash smuggling, or narcotics trafficking. The penalties would also apply to people who attempt to help any senior official of that government.
The hack was likely the largest ever in the cryptocurrency world. The software bridge was built to reduce the traffic and cost on the Ethereum blockchain caused by the popularity of Axie Infinity, which was created by Vietnam-based developer Sky Mavis. The bridging technology has been under fire after more than $1 billion worth of cryptocurrencies were stolen in a little more than a year from crypto bridges.
North Korean cybercriminals launched several attacks on crypto platforms that extracted nearly $400 million of digital assets last year, according to a Chainalysis report. Many of the attacks were carried out by the Lazarus Group, the research firm noted.
Meanwhile, blockchain data shows that 28,000 Ether associated with the Ronin bridge hack were transferred to Tornado Cash.
Data shows that these funds were moved from the main wallet used by the hackers to different wallets. From those new wallets, batches of 100-Ether transactions were sent to Tornado Cash.
Ronin noted on its website that the FBI attributed the breach to Lazarus Group and that the Treasury has sanctioned the address. Sky Mavis representatives didn’t immediately respond to a request for comment.
The Treasury spokesperson said the department is looking to publish crypto cybersecurity guidelines to help guard against illicit activity.
—With assistance from Olga Kharif