Chainalysis, a blockchain data analytics company, has reported that the FBI and the IRS have confiscated $30 million worth of cryptocurrencies from North Korean hackers. It’s the first time cryptocurrency stolen by a North Korean hacking gang has been recovered, but the company’s director of investigations is convinced it won’t be the last.
Over $30 Million in North Korean-Related Cryptocurrency Seized
At the Axiecon conference on Thursday, Erin Plante, senior director of investigations at blockchain data analytics startup Chainalysis, said that authorities have confiscated millions of dollars’ worth of cryptocurrencies from North Korean hackers.
She said that, “with the assistance of law enforcement and key businesses in the cryptocurrency industry,” more than $30 million worth of stolen cryptocurrency had been recovered from hackers with ties to North Korea.
The director stressed that this was the first time cryptocurrency taken by a North Korean hacking group had been seized, and said she was “certain” it would not be the last.
Plante said that Chainalysis helped with the seizures by using “advanced tracing techniques to follow stolen funds to cash out points and liaising with law enforcement and industry players to quickly freeze funds,” and that this amounted to about 10% of the total funds stolen from Axie Infinity (accounting for price differences between the time the funds were stolen and the time they were seized).
In March, hackers stole almost $600 million from the Ronin Network, a sidechain built for the play-to-earn game Axie Infinity. According to Chainalysis, the Ronin cross-chain bridge released funds once five of its nine transaction validators had signed a withdrawal, and the private keys of five of those validators were compromised by the Lazarus Group, a hacking group linked to North Korea, which could therefore authorize withdrawals on its own.
The hackers subsequently executed two withdrawal transactions totaling 173,600 ether (ETH) and 25.5 million USD Coin (USDC), the company said, adding that the North Korean-linked organization laundered the money using “over 12,000 different crypto addresses to-date.”
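To make the security-relevant point concrete, here is a minimal model of the withdrawal path of an m-of-n validator bridge, written as an added example and not code from Ronin, Sky Mavis or Chainalysis. Validator signatures are stood in for by HMAC-SHA256 rather than the ECDSA signatures a real bridge uses, the message layout and the `BridgeContract` class are assumptions, and the key material and withdrawal amounts are constructed for the demonstration. What it shows is that the bridge's checks all pass for an attacker who holds exactly the threshold number of validator keys, while four keys, forged signatures and a replay of an already-processed withdrawal are rejected: the bridge is only as strong as the custody of five keys.

```python
import hashlib
import hmac
import secrets

# Constructed parameters mirroring the 5-of-9 scheme described above.
N_VALIDATORS = 9
THRESHOLD = 5


def sign(key: bytes, message: bytes) -> bytes:
    """Validator signature. HMAC-SHA256 stands in for ECDSA here (a simplification);
    the quorum logic in BridgeContract.withdraw is the part being illustrated."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), signature)


def withdrawal_message(chain_id: int, recipient: str, amount: int, nonce: int) -> bytes:
    """Canonical bytes every validator signs. Assumed layout: each field is
    length-prefixed so (recipient, amount) pairs cannot be re-parsed ambiguously."""
    parts = [str(chain_id), recipient, str(amount), str(nonce)]
    return b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)


class BridgeContract:
    """Toy model of the withdrawal path of an m-of-n validator bridge (assumed design)."""

    def __init__(self, validator_keys: list[bytes], threshold: int, chain_id: int = 1):
        self.validator_keys = dict(enumerate(validator_keys))
        self.threshold = threshold
        self.chain_id = chain_id
        self.processed_nonces: set[int] = set()
        self.ledger: list[tuple[str, int]] = []

    def withdraw(self, recipient: str, amount: int, nonce: int,
                 signatures: dict[int, bytes]) -> bool:
        """Release funds if at least `threshold` distinct known validators signed."""
        if nonce in self.processed_nonces:
            return False  # replay of an already-processed withdrawal
        msg = withdrawal_message(self.chain_id, recipient, amount, nonce)
        # Keyed by validator id, so one validator cannot be counted twice,
        # and signatures from unknown validator ids are ignored.
        approvals = sum(
            1 for vid, sig in signatures.items()
            if vid in self.validator_keys and verify(self.validator_keys[vid], msg, sig)
        )
        if approvals < self.threshold:
            return False
        self.processed_nonces.add(nonce)
        self.ledger.append((recipient, amount))
        return True


def attacker_withdrawal(bridge: BridgeContract, stolen_keys: dict[int, bytes],
                        recipient: str, amount: int, nonce: int) -> bool:
    """An attacker holding some validator keys signs a withdrawal to themselves."""
    msg = withdrawal_message(bridge.chain_id, recipient, amount, nonce)
    sigs = {vid: sign(key, msg) for vid, key in stolen_keys.items()}
    return bridge.withdraw(recipient, amount, nonce, sigs)


def demo() -> dict[str, bool]:
    keys = [secrets.token_bytes(32) for _ in range(N_VALIDATORS)]  # constructed
    bridge = BridgeContract(keys, THRESHOLD)
    attacker = "0xattacker"                 # constructed recipient
    eth_wei = 173_600 * 10**18              # size of the first withdrawal, in wei
    four_keys = {i: keys[i] for i in range(4)}
    five_keys = {i: keys[i] for i in range(5)}
    return {
        # Below threshold: rejected.
        "four_keys": attacker_withdrawal(bridge, four_keys, attacker, eth_wei, nonce=1),
        # Exactly the threshold: every check passes and funds leave the bridge.
        "five_keys": attacker_withdrawal(bridge, five_keys, attacker, eth_wei, nonce=1),
        # Same nonce again: rejected as a replay even with valid signatures.
        "replay": attacker_withdrawal(bridge, five_keys, attacker, eth_wei, nonce=1),
        # Nine garbage signatures: none verify, so zero approvals.
        "forged_sigs": bridge.withdraw(attacker, eth_wei, 2,
                                       {i: b"\x00" * 32 for i in range(N_VALIDATORS)}),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} accepted={ok}")
```

The model deliberately has no rate limit, no per-withdrawal cap and no delay window; a bridge with those controls would still have released funds to an attacker holding five keys, only more slowly, which is why key custody across independently operated validators, rather than the signature check itself, is the control that failed here.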
Chainalysis added that the stolen ETH was sent through the widely used mixing service Tornado Cash in batches. After the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, “Lazarus Group has shifted away from the popular Ethereum mixer, instead employing defi [decentralized finance] services to chain hop,” the blockchain data analytics firm said.
“One of the most worrying trends in crypto crime right now is the remarkable surge in cash stolen from defi protocols, especially cross-chain bridges,” said the director of investigations.
“We believe that North Korean-affiliated entities have stolen almost $1 billion worth of cryptocurrencies from defi protocols this year alone,” she added.