US$617 Million Cryptocurrency Stolen
Dark Web Hackers Link to Largest Crypto Theft
North Korean dark web hackers have just landed a another huge payday, with the latest being the highest single day crypto payout recorded in history. However, the stolen cash belongs to cryptocurrency investors, who were robbed by the Kim Jong Un sponsored criminal hacking group.
The Office of Foreign Assets Control (OFAC) of the United States Treasury Department revealed the recent crypto theft, and has revised their Specially Designated Nationals (SDN) registry with critical information after launching an investigation. According to the evidence provided, it shows that the North Korean-state sponsored Lazarus Group APT, a prolific hacking gang, is behind the currently greatest cryptographic currency breach in history.
Chainalysis, a blockchain data platform, discovered the new ETH wallet created on the SDN list by OFAC, the new address is tied to the Lazarus Hacking Group registration. The blockchain platform reported that the confirmed wallet address was featured in another crypto theft in March. At that time, it was utilized to facilitate the ETH and USDC tokens stolen from Axie Infinity’s Ronin network bridge.
FBI Linked Wallet to Korean Hackers
Sky Mavis created Ronin, an Ethereum sidechain, to facilitate transactions for the Axie Infinity game. Reports revealed that the Ronin network bridge allows users to move ERC-20 coins between both the Ronin and Ethereum blockchains. On March 29, 2022, the Ronin bridge hack stole 173,600 Ethereum plus 25.5 million USDC tokens with a total value of $617 million.
Through high profile investigation, the FBI was able to track the Ronin Validator Security Breach to the Lazarus Group of dark web hackers. In addition, the US Government’s Treasury Department has officially penalized the cryptocurrency wallet address used to store the stolen cryptographic funds.
According to sources, the current heist is the greatest cryptocurrency hack in history, with the second largest being the Poly Network $611 million hack in August 2021. Additionally, more revelation from Chainalysis stated that OFAC reported that a new ETH address shows the Lazarus Hacking Group’s SDN entry to crypto wallet: 0x098B716B8Aaf21512996dC57EB0615e2383E2f96. The same crypto address used in the Ronin hack of 173,600 ETH and 25.5 million USDC.
Infamous Dark Web Hackers’ Trail
The Lazarus Hackers have been identified as HIDDEN COBRA by a group of US intelligence analysts. Reportedly, it is a military based North Korean hacking group with a criminal record that spans a little over a decade, the dark web hackers were first discovered in 2009.
Their lucrative hacking portfolio includes numerous high-profile hack attacks, inclusive of the WannaCry ransomware attack, which crippled many global businesses in 2017.
In addition, the Lazarus dark web hackers had exploited the ThreatNeedle backdoor and also the MATA malware in early 2020. That highly orchestrated cyber-security espionage targeted defense industry firms in 12 or more countries. Furthermore, the infamous Lazarus Group targeted cyber security experts last year in an elaborate social engineering hack launched between January and March 2021.
In September 2019, the US Treasury penalized three groups of Kim Jong Un’s state sponsored cyber criminals. The US sanction includes dark web hackers of the Lazarus, Bluenoroff, and Andariel groups.
For the recent cryptocurrency theft, the US Government issued a $5 million bounty on the heads of the DPRK dark web hackers based in North Korea.