“Through our investigation, we were able to confirm that the Lazarus Group and APT38, DPRK-affiliated cyber actors, are responsible for the $620 million in Ethereum theft reported on March 29,” the FBI said in a statement. “DPRK” is an acronym for North Korea’s official name, the Democratic People’s Republic of Korea, and Ethereum is a technology platform associated with a type of cryptocurrency. The FBI was referring to the recent hack of a computer network powered by Axie Infinity, a video game that allows players to earn cryptocurrency. Sky Mavis, the company that created Axie Infinity, announced on March 29 that unidentified hackers had stolen the equivalent of approximately $600 million, valued at the time the hack was discovered, on March 23 from a “bridge,” a service that allows users to send cryptocurrency from one blockchain to another.
The US Treasury Department on Thursday sanctioned the Lazarus Group, a broad band of hackers believed to be working on behalf of the North Korean government. The Treasury also designated the specific “wallet,” or cryptocurrency address, that was used to withdraw the funds stolen in the Axie Infinity hack.
Cyber attacks have been a major source of revenue for the North Korean regime for years as its leader, Kim Jong Un, continues to pursue nuclear weapons, according to a United Nations panel and outside cybersecurity experts. North Korea last month launched what is believed to be its first intercontinental ballistic missile test in more than four years. According to Chainalysis, a firm that tracks digital currency transactions, the Lazarus Group has stolen an estimated $1.75 billion worth of cryptocurrency in recent years.
“A hack of a cryptocurrency store, for example, as opposed to a retailer, is essentially an internet-speed bank robbery and funds North Korea’s destabilizing activities and arms proliferation,” said Ari Redbord, chief legal officer at TRM Labs, a financial crimes firm. “As long as they are successful and profitable, they will not stop.”
While the war in Ukraine has focused the attention of many cybersecurity analysts on Russian hacking, suspected North Korean hackers have been anything but quiet, continuing to target the cryptocurrency and financial technology sectors.
Google has a policy of notifying users who are being targeted by government-sponsored hackers.
Shane Huntley, who heads Google’s Threat Analysis Group, said that when a Google user has “any connection to involvement in bitcoin or cryptocurrency” and receives a warning about state-sponsored hacking from Google, it almost always involves North Korean activity.
“It seems to be an ongoing strategy for them to monetize and supplement through this activity,” Huntley told CNN.