US Government and Blockchain Analyst Chainalysis Recover $30M Crypto Funds Stolen From Axie Infinity

On Thursday, September 8, US authorities and blockchain analyst Chainalysis recovered $30 million in cryptocurrency stolen from the online video game Axie Infinity in March.

The recovered funds are only a fraction of the $625 million that Axie Infinity lost to the Lazarus Group. This North Korean hacking unit has been behind several crypto thefts in recent years.

Recovered stolen crypto

According to a blog post by Erin Plante, senior director of investigations at Chainalysis, this is the first time crypto stolen by the Lazarus Group has been recovered.

The North Korean-affiliated group used Tornado Cash to launder the proceeds of the Axie Infinity theft. Following the incident, the US Treasury Department sanctioned Tornado Cash for facilitating money laundering, forcing the group to turn to alternative techniques.

The group now uses blockchain bridges to switch easily between different types of digital coins and obscure the source of its funds, but analysts have the tools to track these movements across chains.


According to Engadget, US authorities and Chainalysis recovered only $30 million of stolen crypto funds, and most of the stolen funds remain on the blockchain.

Bleeping Computer also reported that news of the recovery was announced at the AxieCon event. The recovered funds will be moved into Axie Infinity's treasury and returned to the player community.

Who is the Lazarus Group?

According to NCC Group, Lazarus Group has been operating for more than ten years. It is behind several cyber incidents such as the hack at Sony Pictures in 2014 and the spread of the WannaCry ransomware in 2017.

The Lazarus Group is financially motivated and helps to boost the North Korean economy. Since the hackers have government support, they face no risk of prosecution in North Korea.

In June, North Korean hackers were behind the $100 million Harmony crypto heist.

According to Fortune, the attack targeted the Harmony Bridge, which allows crypto assets to be transferred between the Harmony blockchain and other blockchains.

The Lazarus Group converted the stolen assets into 85,837 ETH after the hack and on June 27 began sending some of the crypto through Tornado Cash. Around 41% of the stolen funds were sent to Tornado Cash.

On Thursday, Sept. 8, threat intelligence firm Cisco Talos said the Lazarus Group targeted energy suppliers in the United States, Canada and Japan between February and July.

According to TechCrunch, the hackers exploited the Log4j vulnerability known as Log4Shell to compromise internet-exposed VMware Horizon servers and establish a foothold on the victims' corporate networks.

Once VMware Horizon was compromised, the hackers deployed custom malware known as VSingle and YamaBot to establish persistent access.

Cisco Talos also revealed a previously unknown remote access trojan called MagicRAT, attributed to the Lazarus Group, which the hackers use to steal credentials.

Cisco Talos said the main goal of the Lazarus Group is to establish long-term access to the victim’s network to conduct espionage operations in support of North Korean government objectives.


This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.
