North Korean hackers are still accessing money stolen from Axie Infinity

North Korean hackers, who carried out one of the biggest cryptocurrency thefts of all time last month, are still washing their loot more than a week after being identified as the thieves.

The cybercriminals’ continued access to the money, more than $600 million stolen from the Axie Infinity video game, underscores the limits of law enforcement’s ability to stop the flow of illicit cryptocurrency around the world. The hackers are still moving their loot, most recently about $4.5 million in Ethereum as of Friday, according to data from the cryptocurrency tracking site Etherscan — eight days after the Treasury Department tried to freeze those assets by sanctioning the digital wallet the group used in the attack.

The gang, which the Treasury Department identified as the Lazarus Group, also known for hacking Sony Pictures in 2014, has so far laundered nearly $100 million — about 17 percent — of what was stolen, according to blockchain analysis firm Elliptic. They put their loot out of the immediate reach of U.S. authorities by converting it into the Ethereum cryptocurrency, which, unlike the cryptocurrency they stole, cannot be remotely frozen. Since then, the gang has worked to obscure the crypto’s origins, most notably by sending installments of it through a program called Tornado Cash, a service known as a mixer that pools digital assets to hide their owners.

Authorities and major players in the crypto industry are scrambling to keep up. The Treasury Department on Friday sanctioned three more addresses linked to the gang, as Binance, a major international crypto exchange, announced it had frozen $5.8 million worth of crypto that the hackers had transferred to its platform.

The cat-and-mouse game unfolding between law enforcement and North Korean hackers is another example of how criminals have learned to target the vulnerabilities of the growing crypto economy. They exploit buggy code in decentralized crypto platforms, use tools that help them hide their tracks, such as converting assets into privacy-focused cryptocurrencies like Monero, and take advantage of the patchy coordination of law enforcement across international borders.

The North Korean case also puts the spotlight on a crypto industry eager to demonstrate its trustworthiness to regulators, investors, and customers while maintaining crypto’s free-running ethos. Some of the industry’s largest companies say they welcome government oversight and are promoting their investments in internal compliance programs.

But a Washington Post review of crypto accounts sanctioned by the Treasury Department over the past year and a half found that four wallets remained free for transactions months after they were blacklisted by the government. The apparent failings stem from flawed or incomplete compliance programs by Tether and Center Consortium, two companies involved in issuing stablecoins, a type of cryptocurrency whose value is pegged to an external asset, typically the dollar.

“We are at a particularly important moment: everyone is still learning what’s possible and how attacks can occur, and the borderless nature of crypto makes it difficult to enforce standards globally,” said Chris DePow, a compliance officer at Elliptic. “These are people who operate all over the world. Even if you enforce very well in one jurisdiction, you will still end up having a problem if there are other jurisdictions with weaker enforcement.”

Digital thieves are on track for a record year. They stole $1.3 billion worth of cryptocurrencies in the first three months of the year, after seizing $3.2 billion in 2021, according to blockchain data firm Chainalysis. Hackers pulled off another big raid last Sunday, stealing about $76 million worth of digital assets from a crypto project called Beanstalk, according to Etherscan data.

As cybercriminals become more successful, so does the urgency for US authorities, who now view the attacks as a threat to national security. The Lazarus Group, for example, is a major source of funding for North Korea’s nuclear and ballistic missile programs, according to United Nations investigators. And Russian hackers temporarily hampered the operations of a critical American fuel pipeline and the world’s largest meat supplier last spring, only relenting after collecting millions of dollars in cryptocurrency for ransom. (Much of the ransom money paid for the Colonial Pipeline was later reclaimed.)

The Russian invasion of Ukraine has sharpened the focus of policymakers on the issue. Some lawmakers have worried that the Russian government and oligarchs could use crypto to evade international sanctions choking their access to traditional financial channels.

So far they haven’t. “It’s hard to imagine this happening to crypto,” Treasury Secretary Janet Yellen said on Thursday. But the department is also signaling that it’s not taking any chances. It imposed sanctions on Russian crypto-mining firm Bitriver and 10 of its subsidiaries on Wednesday, saying in a statement that the Biden administration is “committed that no asset, no matter how complex, becomes a mechanism by which the… Putin’s regime can offset the impact of sanctions”.

US authorities also continue to target Russian cybercriminals and the crypto platforms they rely on to power their attacks. Earlier this month, US law enforcement announced the shutdown of Russia-based Hydra Market, a dark web marketplace allegedly selling hacked personal information, drugs, and hacking services.

As part of the crackdown, the Treasury also sanctioned Garantex, a Russian crypto exchange that the department said had processed more than $100 million in illegal transactions, including $2.6 million related to Hydra. The Treasury said the move was based on sanctions it imposed last year on two other Russian crypto exchanges, Suex and Chatex, all of which operate from the same office tower in Moscow’s financial district.

The designations mean that any crypto company that interacts with the U.S. financial system should block transactions with the sanctioned companies, Elliptic’s DePow said. However, The Post’s review revealed that neither Tether nor Center Consortium have blocked all transactions with sanctioned addresses.

Tether continues to allow transactions with crypto accounts said to belong to Chatex, more than half of which have been linked to illegal or high-risk activities including ransomware attacks, according to the Treasury Department. According to a Post review of blockchain data from Etherscan, one Tether address received and sent about $15,000 as recently as April 19. Another received and then sent out nearly $42,000 in the last six months.

In a statement, Tether said it “performs constant market surveillance to ensure there are no irregular movements or actions that may violate applicable international sanctions.” Chatex has not responded to requests for comments.

Not all transactions with sanctioned addresses are nefarious: sometimes mainstream exchanges consolidate funds into sanctioned accounts that no longer benefit the accused hackers who used to own them. And sometimes the Treasury approves individual transactions with sanctioned accounts.

Separately, the Center Consortium — a joint venture between U.S. crypto firms Coinbase and Circle that issues USD Coin, the second-largest stablecoin — only froze three wallets owned by Russian hackers months after the Treasury Department sanctioned them. Two of the accounts, blacklisted in September 2020, belong to Artem Lifshits and Anton Andreyev, associates of the Russian hacker group that led the country’s meddling in the 2016 U.S. presidential election. A third has been linked to Yevgeniy Polyanin, whom the Treasury Department sanctioned in November for conducting ransomware attacks as part of the cybercriminal gang REvil.

Center didn’t freeze those wallets until March 29, when, a spokesman said, the company conducted a review of sanctioned accounts and found it “simply hadn’t found those addresses.” The wallets did not make any transactions during this time.

“We’re constantly reviewing what we’re doing to make sure we’re at the cutting edge of our compliance,” Center’s spokesman said. “Through this review, we identified three addresses that had been overlooked and we took immediate action.”

The Treasury Department requires U.S. companies to freeze sanctioned accounts once it blacklists them and to report the freeze within 10 days, said John Smith, former director of the department’s Office of Foreign Assets Control and now a partner at Morrison & Foerster. The department can impose severe penalties on violators even if they were unaware they were breaking the rules, he said, although it tends to focus on more egregious cases.

“They go after organizations or individuals that they believe have intentionally or recklessly violated sanctions,” Smith said.

A Treasury Department spokesman did not respond to a request for comment.

Nor did a Tornado Cash founder respond when approached. Whoever stole $75 million from the Beanstalk project also laundered their proceeds through the same mixer. That angered investor AJ Pikul, who says he lost about $150,000 in the hack. “To be honest, I’m not at all happy about the opportunity to launder funds through crypto,” he told The Post via email.

“I feel like we’re in a digital arms race between the good guys and the bad guys,” he said.