Santa Fe New Mexican

North Korean gang still has access to $600 million haul from crypto hack

- By Tory Newmyer and Jeremy B. Merrill

WASHINGTON — North Korean hackers who last month carried out one of the largest cryptocurrency thefts ever are still laundering their haul more than a week after they were identified as the thieves.

The cybercriminals’ continued access to the money, more than $600 million stolen from the Axie Infinity video game, underscores the limits of law enforcement’s ability to stop the flow of illicit cryptocurrency across the globe. The hackers are still moving their loot, most recently about $4.5 million worth of the Ethereum currency on Friday, according to data from cryptocurrency tracking site Etherscan — eight days after the Treasury Department attempted to freeze those assets by sanctioning the digital wallet the group used in its attack.

The gang, which the Treasury Department identified as the Lazarus Group, also known for the 2014 hacking of Sony Pictures, so far has laundered nearly $100 million — about 17 percent — of the stolen crypto, according to blockchain analytics firm Elliptic. They moved their haul beyond the immediate reach of U.S. authorities by converting it into the cryptocurrency Ethereum, which unlike the cryptocurrency they stole cannot be hobbled remotely. Since then, the gang has worked to obscure the crypto’s origins primarily by sending installments of it through a program called Tornado Cash, a service known as a mixer that pools digital assets to hide their owners.

Authorities and major crypto industry players are scrambling to keep up. Treasury sanctioned three more addresses associated with the gang on Friday, as Binance, a large international crypto exchange, announced it had frozen $5.8 million worth of crypto the hackers had transferred onto its platform.

The high-stakes cat-and-mouse game unfolding between law enforcement and the North Korean hackers is another example of how criminals have learned to target the growing crypto economy’s weak points. They exploit faulty code in decentralized crypto platforms, use tools that help them hide their tracks such as converting assets to privacy-enhancing cryptocurrencies like Monero, and take advantage of spotty law enforcement coordination across international borders.

The North Korean case also trains a spotlight on a crypto industry eager to demonstrate its trustworthiness to regulators, investors and customers, while retaining crypto’s freewheeling ethos. Some of the largest companies in the sector say they welcome government oversight and tout their investments in internal compliance programs.

Digital thieves are on track for a record-breaking year. They stole $1.3 billion worth of cryptocurrency in the first three months of the year, after seizing $3.2 billion in 2021, according to blockchain data firm Chainalysis. Hackers pulled off another major heist last Sunday, stealing about $76 million worth of digital assets from a crypto project called Beanstalk, according to Etherscan data.

As cybercriminals’ successes mount, so does the urgency for U.S. authorities, who have come to view the attacks as threats to national security.
