US Treasury Accuses North Korean Lazarus, The Mastermind Of The Axie Infinity Crypto Theft

Axie Infinity., has lost hundreds of millions of dollars to hackers. (photo; twitter @AxieInfinity)

JAKARTA - The US Treasury Department said Thursday, April 14, that North Korean hackers are suspected of being linked to the theft of hundreds of millions of dollars worth of cryptocurrency in the popular online game Axie Infinity.

Ronin, a blockchain network that allows users to transfer crypto money in and out of games, said nearly $615 million worth of digital money had been stolen on March 23.

No one has explicitly blamed the hack, but last Thursday, the US Treasury identified the digital currency addresses used by hackers to be under the control of a North Korean hacking group often dubbed "Lazarus."

"The United States is aware that the DPRK is increasingly relying on illicit activities — including cybercrime — to generate revenue for its weapons of mass destruction and ballistic missile programs, while trying to evade strong U.S. and United Nations sanctions," a Treasury spokesman said, using the initials of North Korea's official name.

A Treasury spokesman also warned that those who transacted with the wallet were at risk of US sanctions.

Blockchain analytics firms, including Chainalysis and Elliptic, said the designation confirmed that North Korea was behind the breach.

Sources familiar with the matter confirmed that North Korean hackers have been the focus of investigations by cybersecurity firms over the past few weeks.

CrowdStrike, which was hired by Sky Mavis to investigate the breach, declined to comment. Aleksander Larsen, co-founder of Sky Mavis, which made Axie Infinity, also declined to comment.

A post on Ronin's official blog said that the FBI had linked the hack to the Lazarus Group and that the US Treasury had approved the address that received the stolen funds.

The United States says the Lazarus hacking group is controlled by the General Bureau of Reconnaissance, North Korea's main intelligence bureau. They have also been accused of involvement in the "WannaCry" ransomware attack, the hacking of international banks and customer accounts, and the 2014 cyber attack on Sony Pictures Entertainment.

The United States is pushing the UN Security Council to blacklist the Lazarus Group and freeze its assets.

Hacking has long plagued crypto platforms. The Ronin hack was one of the largest cryptocurrency thefts on record so far.

Sky Mavis said it would use a combination of its own balance sheet funds and the $150 million (IDR 2.1 trillion) raised from investors including Binance to make up for the lost money.

"We are still in the process of adding additional security measures prior to re-deployment of the Ronin Bridge to mitigate future risks," said the Ronin blog. "It is expected that the bridge will be deployed by the end of the month."

A Treasury spokesman said Washington would publish crypto cybersecurity guidelines to assist efforts to protect stolen virtual currencies.