More than 500 million are gone. Kim and the DPRK are behind the second largest crypto theft in history

The second largest theft in the history of cryptocurrencies now has a named perpetrator. The US Treasury Department says the North Korean group Lazarus is behind the attack, in which $540 million disappeared from the Ronin network. The portal CoinDesk drew attention to the topic.

We know the culprit

On March 29, the Ronin network announced that 173,600 ETH and 25.5 million USDC, a stablecoin convertible to dollars one-to-one, had disappeared from its “bridge”.

That means the attackers stole over $540 million (by the time the theft was discovered, the crypto assets were already worth almost $620 million). The biggest victims were fans of the online game Axie Infinity, which uses this blockchain and NFT tokens for its in-game economy and purchases, writes the portal Elliptic.

Just yesterday, the US Treasury Department’s Office of Foreign Assets Control reported on its own website that the perpetrator of this theft was the North Korean state hacker group Lazarus. Nansen (a platform for analyzing blockchain data) also identified the crypto address published by the department as the one that exploited the Ronin “bridge”.

The U.S. Treasury Department imposed sanctions on the attacker, banning all Americans, as well as U.S. entities, from conducting transactions with the crypto address. It seeks to ensure that this state-sponsored hacking group can no longer move the stolen funds it still holds through a US-based crypto exchange.

What happens to the stolen crypto assets?

Elliptic’s internal analysis suggests that the attackers had managed to launder 18% of the stolen funds as of April 14. The attacker first converted all the stablecoins to ETH via decentralized exchanges (DEX), thus preventing their seizure. Stablecoins are controlled by their issuers, who in some cases may freeze them if they are suspected of being involved in illegal activity.

The attacker then laundered $16.7 million worth of ETH through three centralized exchanges. When the exchanges concerned publicly announced that they would cooperate with law enforcement agencies, the Lazarus group changed its already unusual tactics and began using Tornado Cash, a popular Ethereum mixer. The attackers sent $80.3 million worth of ETH via Tornado Cash.

The attacker’s blockchain activity also suggests that an additional $9.7 million in ether is sitting in intermediary wallets, ready to be laundered, most likely also through Tornado Cash.

According to the available information, the attribution to this attacker is no coincidence. Many features of this attack, including the way the funds are being laundered, reflect the methods used by the North Korean group Lazarus.

Many believe that the crypto assets stolen by the Lazarus group are used to finance state nuclear programs, as well as the production and testing of ballistic missiles. Given that North Korea recently announced that it is going to test nuclear weapons again, preventing the laundering of the stolen money is the number one priority.