Blockchain data analytics firm Chainalysis has revealed that U.S. authorities have seized cryptocurrency worth $30 million from North Korean hackers. “This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last,” the firm’s director of investigations said.
$30 Million in Seized Crypto Linked to North Korea
Erin Plante, a senior director of investigations at blockchain data analytics firm Chainalysis, revealed Thursday at the Axiecon event that authorities have seized millions of dollars in cryptocurrency from North Korean hackers.
“With the help of law enforcement and leading organizations in the cryptocurrency industry,” she said:
“More than $30 million worth of cryptocurrency stolen by North Korean-linked hackers has been seized.”
“This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last,” the director emphasized.
“The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized),” Plante described, noting that Chainalysis played a role in the seizures by utilizing “advanced tracing techniques to follow stolen funds to cash out points and liaising with law enforcement and industry players to quickly freeze funds.”
More than $600 million was stolen in March from Ronin Network, a sidechain built for the play-to-earn game Axie Infinity. Chainalysis explained that the North Korea-linked elite hacking group Lazarus Group gained access to five of the nine private keys held by transaction validators for Ronin Network’s cross-chain bridge.
The hackers then initiated two withdrawal transactions: one for 173,600 ether (ETH) and the other for 25.5 million USD Coin (USDC), the firm detailed, noting that the North Korea-linked group laundered these funds using “over 12,000 different crypto addresses to-date.”
The stolen ETH coins were mixed in batches using the popular mixing service Tornado Cash, Chainalysis continued. However, following the sanctioning of Tornado Cash by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), “Lazarus Group has moved away from the popular Ethereum mixer, instead leveraging defi [decentralized finance] services to chain hop, or switch between several different kinds of cryptocurrencies in a single transaction,” the blockchain data analytics firm explained.
The director of investigations noted that “One of the most troubling trends in crypto crime right now is the stunning rise in funds stolen from defi protocols, and in particular cross-chain bridges,” elaborating:
“We estimate that so far in 2022, North Korea-linked groups have stolen approximately $1 billion of cryptocurrency from defi protocols.”