Cybersecurity

North Korean group stole more than $600M in Axie Infinity hack, FBI says

North Korean hackers were responsible for stealing about $620 million in cryptocurrency last month from the virtual game Axie Infinity, according to the FBI.

The FBI said in a Thursday release that the Lazarus Group, which is associated with the Democratic People’s Republic of North Korea (DPRK), was responsible for the March 23 theft of cryptocurrency funds from Axie Infinity players.

Following confirmation of the hack on Thursday, the Treasury Department sanctioned the Lazarus Group, which is known by various other names including “APT-C-26,” “Appleworm,” “Red Dot” and “Hidden Cobra.”

The investigation is reportedly ongoing; the makers of Axie Infinity, Sky Mavis, have said they are working with law enforcement to recover the stolen funds.

The FBI said it would “continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime.”

The Lazarus Group broke into the Ronin Network, essentially a bridge that transfers cryptocurrency in and out of the game, by exploiting a backdoor in the virtual network. They successfully stole 173,600 ethereum and 25.5M USDC, a cryptocurrency linked to the U.S. dollar, from Axie Infinity users.

The hack was reported on March 29 and Sky Mavis shut down the Ronin Network.

Axie Infinity is a blockchain-based game where players purchase non-fungible tokens — “unique” digital objects that use blockchain technology to verify ownership — of digital monsters and battle them against each other.

Employees behind the Ronin Network on Thursday said the network system for the game was still down pending further measures to boost security.

“We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” a blog post read. “Expect the bridge to be deployed by end of month. Security comes first.”

Sky Mavis raised $150 million via a fundraising effort to reimburse players who were compromised in the hack.

Trung Nguyen, the CEO of Sky Mavis, said in an April 6 blog post he was “committed to reimbursing all of our users’ lost funds and implementing rigorous internal security measures to prevent future attacks.”

North Korea has grown increasingly hostile to the U.S. in the digital realm. In 2021, North Korean hackers stole close to $400 million in more than seven attacks across cryptocurrency platforms.

North Korea this year has launched a spate of ballistic missiles this year, including an intercontinental ballistic missile capable of potentially reaching the U.S. mainland. The actions have drawn condemnation from the U.S. and resulted in sanctions against the isolated country.