The Lazarus Group stole cryptocurrencies worth 60 million NOK (about $5.84 million) in March 2022 as a result of the Axie Infinity Ronin Bridge hack, according to a statement from the Norwegian police agency Økokrim. “This case shows that, despite the offenders’ use of sophisticated methods, we have a remarkable ability to track the money on the blockchain,” the agency said.
The news comes more than ten months after the US Treasury Department accused a hacker organization backed by North Korea of stealing $620 million from the Ronin cross-chain bridge. Then, in September 2022, the US government announced that it had recovered more than $30 million in cryptocurrency, or 10% of the stolen funds.
The money trail was followed and pieced together by international law enforcement partners, according to Økokrim, making it more challenging for criminals to engage in money laundering operations.
It went on to say, “This money can fund North Korea and their nuclear weapons program.” It has therefore been crucial to keep tabs on the bitcoin and to block attempts to cash it out into real-world assets.
The development comes after the cryptocurrency exchanges Binance and Huobi froze accounts holding about $1.4 million in virtual currency that had been obtained through the June 2022 attack on Harmony’s Horizon Bridge.
The attack, which is also attributed to the Lazarus Group, allowed the threat actors to launder some of the proceeds through Tornado Cash, a mixer the US government sanctioned in August 2022.
According to blockchain analytics company Elliptic, “The stolen funds were dormant until recently, when our investigators started to observe them being channeled through intricate chains of transactions to exchanges.”
Norwegian Officials Seize Crypto Stolen by North Korean Hackers
Additionally, Tom Robinson of Elliptic said that there are signs that Blender, another cryptocurrency mixer that was sanctioned in May 2022, may have returned as Sinbad and laundered about $100 million in Bitcoin from hacks linked to the Lazarus Group.
After the Horizon Bridge heist, the company says, funds were “laundered through a sophisticated sequence of transactions involving swaps, cross-chain bridges, and mixers.”
Tornado Cash was used once more, but Sinbad replaced Blender as the Bitcoin mixer. Despite launching only in October 2022, the service is thought to have facilitated the transfer of tens of millions of dollars from the Horizon hack and other cyberattacks connected to North Korea.
According to data released by Chainalysis earlier this month, the nation-state actor sent 1,429.6 Bitcoin, worth a total of about $24.2 million, to the mixer over the two-month period between December 2022 and January 2023.
The similarities in the wallet addresses utilized, their connections to Russia, and the similarities in how both mixers function serve as proof that Sinbad is “very likely” a rebrand of Blender.
According to Elliptic, “an analysis of blockchain transactions reveals that a Bitcoin wallet used to compensate people who supported Sinbad received Bitcoin from the wallet of the alleged Blender operator.”
The developer of Sinbad, who goes by the moniker “Mehdi,” told WIRED that the project is a legitimate privacy-preserving one in the vein of Monero, Zcash, Wasabi, and Tor, and that it was created in response to the “increasing centralization of cryptocurrencies.”
The revelations also come as the Lazarus actors plan a new wave of ransomware attacks targeting healthcare organizations to generate illicit revenue for the sanctioned country.
According to a joint advisory released by the US and South Korea, money earned from these financially motivated attacks is used to finance additional cyber operations, such as espionage against South Korean and American defense industry and sector organizations.
However, despite the efforts of law enforcement, the threat actor’s widespread attack campaign has continued to evolve with new capabilities.
According to a recent report from the AhnLab Security Emergency Response Center (ASEC), these include a variety of anti-forensic tactics intended to obscure evidence of breaches and hinder analysis.
Data hiding, artifact deletion, and trail obfuscation were all methods used by the Lazarus group, according to ASEC researchers.
In the biggest cryptocurrency robbery ever documented, North Korean hackers stole 60 million kroner ($5.9m) in cryptocurrency last year, which Norwegian officials tracked and stopped. The Scandinavian nation’s economic and environmental crime agency (Økokrim) asserted that ever since the raid on Ronin Network in March 2022, North Korean threat actors have been engaged in a significant money laundering scheme.
“Økokrim excels in money management. This case demonstrates that, even when criminals employ cutting-edge techniques, we are very capable of tracking the money on the blockchain,” said Økokrim state attorney Marianne Bender. “To track cryptocurrency, we collaborate with FBI experts. A stronger society can fight against cybercrime that is driven by profit thanks to international cooperation.” Vietnamese blockchain gaming developer Sky Mavis created Ronin Network to serve as an Ethereum sidechain for its Axie Infinity game.