Nelson Mail

Hackers still laundering crypto haul


North Korean hackers who last month carried out one of the largest cryptocurrency thefts ever are still laundering their haul more than a week after they were identified as the thieves.

The cybercriminals’ continued access to the money, more than $600 million (NZ$900m) stolen from the Axie Infinity video game, underscores the limits of law enforcement’s ability to stop the flow of illicit cryptocurrency across the globe. The hackers are still moving their loot, most recently about $4.5m worth of the Ethereum currency on Friday, according to data from cryptocurrency tracking site Etherscan – eight days after the Treasury Department attempted to freeze those assets by sanctioning the digital wallet the group used in its attack.

The gang, which the Treasury Department identified as the Lazarus Group, also known for the 2014 hacking of Sony Pictures, so far has laundered nearly $100m – about 17% – of the stolen crypto, according to blockchain analytics firm Elliptic. They moved their haul beyond the immediate reach of US authorities by converting it into the cryptocurrency Ethereum, which unlike the cryptocurrency they stole cannot be hobbled remotely.

Authorities and major crypto industry players are scrambling to keep up. Treasury sanctioned three more addresses associated with the gang on Friday, as Binance, an international crypto exchange, announced it had frozen $5.8m worth of crypto the hackers had transferred onto its platform.

The high-stakes cat-and-mouse game unfolding between law enforcement and the North Korean hackers is another example of how criminals have learned to target the growing crypto economy’s weak points. They exploit faulty code in decentralised crypto platforms, use tools that help them hide their tracks such as converting assets to privacy-enhancing cryptocurrencies like Monero, and take advantage of spotty law enforcement coordination across international borders.

The North Korean case also trains a spotlight on a crypto industry eager to demonstrate its trustworthiness to regulators, investors and customers, while retaining crypto’s freewheeling ethos. Some of the largest companies in the sector say they welcome government oversight and tout their investments in internal compliance programs.

Yet a review by The Washington Post of crypto accounts sanctioned by the Treasury Department over the last year-and-a-half found four wallets that remained free to transact months after being placed on the administration’s blacklist. The apparent lapses are owed to flawed or incomplete compliance programs by Tether and Centre Consortium, a pair of companies involved in issuing so-called stablecoins, a type of cryptocurrency whose value is pegged to an external asset, typically the dollar.

“These are people acting all over the world. Even if you enforce very well in one jurisdiction, if there are other jurisdictions with weaker enforcement, you’re still going to end up with a problem,” said Chris DePow, a compliance official at Elliptic.

Digital thieves are on track for a record-breaking year. They stole $1.3 billion worth of cryptocurrency in the first three months of the year, after seizing $3.2b in 2021, according to blockchain data firm Chainalysis.

As cybercriminals’ successes mount, so does the urgency for US authorities, who have come to view the attacks as threats to national security. The Lazarus Group, for one, is an important funding source for North Korea’s nuclear missile programmes, according to United Nations investigators. And Russian hackers last year hobbled the operations of a critical American fuel pipeline and the world’s largest meat supplier, relenting only after collecting multimillion-dollar ransoms in cryptocurrency. (Much of the Colonial Pipeline ransom was recovered.)

The Russian invasion of Ukraine has sharpened policymakers’ focus on the issue. Some lawmakers worried that Russian government and oligarchs could use crypto to evade the international sanctions choking off their access to traditional financial channels. – Washington Post
