Investigators seize $30 million in stolen crypto from North Korea
US authorities are celebrating after seizing around 10% of the cryptocurrency stolen by North Korean state hackers in the infamous Ronin Network heist in March.
In total, around $30 million was seized as part of the digital raid – the first time ever that cryptocurrency stolen by the reclusive nation has been recovered, according to Chainalysis.
Around $618 million was originally stolen from the Ronin Network Ethereum sidechain, created by Vietnamese blockchain game developer Sky Mavis. This included 173,600 Ether ($592 million at the time) and $25.5 million in two transactions, although the price of the digital currency has fluctuated since then.
“We’ve proven that with the right blockchain analysis tools, world-class investigators and professionals can work together to stop even the most sophisticated hackers and money launderers,” said Chainalysis, which assisted in the investigation.
“There is still work to be done, but this is a milestone in our efforts to make the cryptocurrency ecosystem safer.”
The threat actors had access to five of the nine private keys held by transaction validators for Ronin Network’s cross-chain bridge, according to Chainalysis. After using this majority to authorize the withdrawals, they began a complex money laundering process involving a staggering 12,000 discrete crypto addresses.
Initially, Lazarus Group hackers sent the stolen Ether to intermediary wallets and then to the mixing service Tornado Cash. The Ether was then exchanged for Bitcoin, mixed again in batches and finally deposited into crypto-to-fiat services for payout.
However, Tornado Cash was later sanctioned by the US Treasury Department for its role in laundering these funds, forcing Lazarus to try a different tactic. It used decentralized finance (DeFi) services to chain, or exchange between, several different types of cryptocurrency in a single transaction.
“Bridges play an important role in moving digital assets between chains, and most of the use of these platforms is completely legitimate. Lazarus appears to be using bridges in an attempt to hide the source of funds. With Chainalysis tools, these cross-chain fund movements are easily tracked,” the firm claimed.
Although the sum seized is relatively small, it will send an important message to digital thieves. Chainalysis is sure there is more to come.
“Much of the funds stolen from Axie Infinity remain unused in cryptocurrency wallets under the hackers’ control,” it concluded. “We look forward to continuing to work with the cryptocurrency ecosystem to prevent them and other illegal actors from withdrawing their funds.”