Front page layout
Site theme
Sign up or login to join the discussions!
Dan Goodin – Sep 8, 2022 11:32 pm UTC
Cryptocurrency analytics firm Chainalysis said on Thursday that it helped the US government seize $30 million worth of digital coins that North Korean-backed hackers stole earlier this year from the developer of the non-fungible token-based game Axie Infinite.
The seizures “demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains,” Erin Plante, senior director of investigations at Chainalysis, wrote. “We have proven that with the right blockchain analysis tools, world-class investigators and compliance professionals can collaborate to stop even the most sophisticated hackers and launderers.”
The FBI attributed the theft to Lazarus, the name used to track a hacking group backed by and working on behalf of the North Korean government. According to Axie Infinity developer Sky Mavis, the hackers pulled off the transfers after gaining access to five of nine private keys held by transaction validators for the Ronin Networks cross-bridge, a dedicated blockchain for the game.
The hackers then initiated an elaborate laundering process that involved transferring funds to more than 12,000 different currency addresses in an attempt to obfuscate the stolen coins’ movement.
In Thursday’s post, Plante wrote:
North Korea’s typical DeFi laundering technique has roughly five stages:
Plante continued:
Since then, Lazarus Group has moved away from the popular Ethereum mixer, instead leveraging DeFi services to chain hop, or switch between several different kinds of cryptocurrencies in a single transaction. Bridges serve an important function to move digital assets between chains and most usage of these platforms is completely legitimate. Lazarus appears to be using bridges in an attempt to obscure source of funds. With Chainalysis tools these cross chain funds movements are easily traced.
We can use Chainalysis Storyline to see an example of how Lazarus Group utilized chain-hopping to launder some of the funds stolen from Axie Infinity:
Above, we see that the hacker bridged ETH from the Ethereum blockchain to the BNB chain and then swapped that ETH for USDD, which was then bridged to the BitTorrent chain. Lazarus Group carried out hundreds of similar transactions across several blockchains to launder the funds they stole from Axie Infinity, in addition to the more conventional Tornado Cash-based laundering we covered above.
On Twitter, Ronin Networks said, “It will take some time for these funds to be returned to the Treasury.” Plante said that much of the stolen funds remains in wallets under the hackers’ control. “We look forward to continuing to work with the cryptocurrency ecosystem to prevent them and other illicit actors from cashing out their funds.”
You must login or create an account to comment.
Join the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox.
CNMN Collection
WIRED Media Group
© 2022 Condé Nast. All rights reserved. Use of and/or registration on any portion of this site constitutes acceptance of our User Agreement (updated 1/1/20) and Privacy Policy and Cookie Statement (updated 1/1/20) and Ars Technica Addendum (effective 8/21/2018). Ars may earn compensation on sales from links on this site. Read our affiliate link policy.
Your California Privacy Rights | Do Not Sell My Personal Information
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast.
Ad Choices
