Sophie Webster, Tech Times

On Thursday, Sept. 8, US authorities and blockchain analyst Chainalysis recovered $30 million in cryptocurrency stolen from the online video game Axie Infinity in March. 

The recovered funds are just a fraction of the $625 million lost by Axie Infinity to Lazarus Group. This North Korean hacking entity has been behind several crypto thefts in the past few years. 

Recovered Stolen Crypto

According to a blog post by Erin Plante, senior director of investigations at Chainalysis, this is the first time that crypto stolen by the Lazarus Group has been recovered. 

The North Korean-linked group used Tornado Cash to launder the proceeds of Axie Infinity. After the incident, the US Treasury Department sanctioned Tornado Cash for facilitating money laundering, forcing them to employ alternative techniques. 

Tornado Cash now uses blockchain bridges to easily change between different types of digital coins to help obscure the source of their funds, and analysts have the tools to trace the cross-chain movements. 

Also Read: Hacker Gang Lazarus Targets Web3 Developers on Mac Devices: Fake Coinbase Job Offer 

According to Engadget, the US authorities and Chainalysis only retrieved $30 million of stolen crypto funds, and most of the stolen funds remain in the blockchain. 

Bleeping Computer also reported that the news about the fund retrieval was announced at the AxieCon event. The recovered fund will be moved into Axie infinity's treasury and back to its player community. 

Who is the Lazarus Group?

According to NCC Group, Lazarus Group has operated for more than ten years. It is behind several cyber incidents like the hack on Sony Pictures in 2014 and the spread of the WannaCry ransomware in 2017. 

The Lazarus Group is financially motivated and is helping boost the North Korean economy. Since the hackers have the government's support, they do not face any risk of prosecution in North Korea. 

In June, North Korean hackers were behind the $100 million Harmony crypto heist. 

According to Fortune, the attack drained the Harmony Bridge device, which enables crypto assets to be traded between the Harmony blockchain and other blockchains. 

The Lazarus Group converted the stolen assets to 85,837 ETH following the hack and, on June 27, began sending some of the cryptos through Tornado Cash. Around 41% of the stolen funds were sent to Tornado Cash. 

On Thursday, Sept. 8, threat intelligence company Cisco Talos said that Lazarus Group targeted unnamed energy providers in the US, Canada, and Japan between February and July. 

According to TechCrunch, the hackers used a vulnerability in Log4j, or Log4Shell, to compromise internet-exposed VMware Horizon servers to establish a foothold onto its victim's enterprise network. 

Once the VMware Horizon was compromised, the hackers deployed bespoke malware known as VSingle and YamaBot to establish persistent access. 

Cisco Talos also revealed that an unknown remote access trojan named MagicRAT attributed to Lazarus Group, which the hackers use for stealing credentials. 

Cisco Talos said that the main goal of the Lazarus Group is to establish long-term access into its victim's networks to conduct espionage operations in support of North Korean government objectives.  

Related Article: Lazarus Group and APT38 Hackers Confirmed to be Behind $620 Million Ethereum Crypto Heist 

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: US government Axie Inifnity crypto
Join the Discussion