North Korean hackers behind $600 million crypto heist involving NFT game, says FBI


The Federal Bureau of Investigation has linked North Korean hackers to the crypto heist of over $600 million involving the NFT-based game Axie Infinity. The game, which allows players to earn money in cryptocurrency through play and trading, fell victim to one of the biggest heists when its linked blockchain platform, Ronin, suffered a breach over the last few months; the breach was discovered last month.

“Through our investigations we were able to confirm Lazarus Group and APT38, cyber actors associated with [North Korea], are responsible for the theft,” the FBI said in a statement on Thursday.

The Lazarus Group is believed to be controlled by the primary intelligence bureau of North Korea. Its name has previously been linked to the infamous hacking of Sony Pictures that leaked controversial data, including a movie that portrayed Korea’s supreme leader, Kim Jong-un, in a humorous way. It has also been associated with the WannaCry ransomware attacks as well as the hacking of international banks. But never has the group been linked to a crypto heist before.

“The United States is aware that the DPRK has increasingly relied on illicit activities including cybercrime to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust US and UN sanctions,” a US Treasury Department spokesperson said.

North Korea’s hacking programme may have been operational since at least the mid-1990s and, over the past years, has expanded to form a 6,000-strong cyber warfare unit, called Bureau 121. This unit is believed to operate in several countries, including Belarus, China, India, Malaysia and Russia, a 2020 US military report said.

The heist that targeted Axie Infinity siphoned off 173,600 Ethereum, whose collective value was roughly $625 million at that time. According to Sky Mavis, the creator of the NFT-based game, the hackers used hacked private security keys to exploit a backdoor in a Remote Procedure Call node that validates transfers to and from Ronin. Once they had compromised the network nodes, the hackers could sweep large quantities of Ethereum and USDC cryptocurrencies from Ronin.

Sky Mavis discovered the breach, which was made possible by a backdoor the company forgot to patch despite being aware of it, after a week and immediately suspended crypto exchanges on Ronin. It also said that it was working with law enforcement to recover the stolen crypto money. The FBI’s accusation against North Korean hackers, however, does not mention the recovery of the stolen Ethereum and USDC cryptocurrencies.


