A joint effort by the US government and blockchain firm Chainalysis has resulted in the recovery of around $30 million in stolen cryptocurrencies. The effort shows that crypto can and will be subject to greater scrutiny and coordinated investigative efforts between the government and private institutions. Advances in blockchain analytics are key to increasing security in a field that has already seen $1.3 billion hacked away by bad actors in 2022 alone.
According to Chainalysis, $30 million was recovered from the prominent hacking group Lazarus, which is believed to be operating with the blessing of the North Korean government (the US specifically says the group operates under North Korea’s Reconnaissance Office). The recovered funds were part of $625 million taken from popular NFT game Axie Infinity, whose Ronin sidechain was hacked earlier this year. Adjusted for the drop in cryptocurrency prices since the hack, the $30 million recovered represents just 12% of the stolen crypto assets.
The senior director of investigations at Chainalysis, Erin Plante, said the seizure shows that “it is becoming more difficult for bad actors to successfully cash out their ill-gotten gains. We have proven that with the right blockchain analysis tools, world-class investigators and compliance experts can work together to stop even the most sophisticated hackers and money launderers.”
In the process, Chainalysis helped investigators read the blockchain to follow the money across multiple obfuscation techniques. The company said Lazarus’ money laundering scheme used more than 12,000 unique crypto addresses across multiple crypto assets. Cryptocurrency mixers, which pool funds to make them fungible (i.e. indistinguishable), were also used, among them the recently sanctioned Tornado Cash app (which resulted in the detention of one of its lead programmers, Alexey Pertsev), as were several cryptocurrency bridges, which further served to hide the stolen funds across multiple cryptocurrencies.
Of course, the partial recovery is less than ideal. But still, the growing number of government and law enforcement cryptocurrency and NFT seizures shows that even decentralized technologies are subject to centralized bottlenecks. This is where checks and balances can be put into effect.
Sky Mavis, developers of Axie Infinity and the Ronin sidechain, took to Twitter to announce the seizure, expecting the stolen funds to be returned to the treasury “after some time.” The company recently partnered with Google Cloud as a validator node for the Ronin sidechain, and Google became an independent corporate validator for Ronin in a node pool. The firm will take on the role of monitoring validator uptime and contributing to the collective security of the network. It’s an interesting option – Sky Mavis thus leverages Google’s cybersecurity expertise, adding a (hopefully) indestructible node to its relatively limited pool of validators, which was the main reason the initial attack took place.
Important update regarding the Ronin incident. 30M USD worth of crypto has been recovered. The current total value of the stolen funds is ~250 million. So this is ~12% of the total amount. It will take some time before these funds are returned to the Treasury. https://t.co/Q7cLUsgYsk 8 September 2022