The US Federal Bureau of Investigation said North Korean hacking groups were behind the US$620 million heist from the popular blockchain game Axie Infinity.
In a statement, the FBI said the Lazarus Group and APT38 – “cyber actors associated with the (Democratic People’s Republic of Korea)” – were responsible for the theft of US$620 million in Ethereum reported on 29 March.
That was the day Axie Infinity operator Sky Mavis said US$625 million worth of cryptocurrency was stolen from the game, in what was one of the biggest hacks of its kind.
Hackers had exploited a weakness in the Ronin Network, a bridge used to transfer cryptocurrency in and out of the game, and made off with 173,600 ethereum (about US$600 million) and 25.5 million USDC, a stablecoin pegged to the US dollar.
Sky Mavis has since shut down the Ronin Network in a bid to add additional security measures and said the bridge will likely be redeployed at the end of the month.
Blockchain analytics company @PeckShield has since flagged that some 3,200 ETH (US$9.2 million) have been washed through privacy protocol Tornado Cash, which can be used to further obfuscate the transaction histories.
Another blockchain analytics firm Elliptic estimated the hackers have laundered over US$100 million so far.
Axie Infinity was one of the largest, and most popular play-to-earn games in the industry, with almost 2 million daily active users last year.
Players can play and earn in-game currency by breeding and competing multiple digital monsters called “Axies”, which are represented by non-fungible tokens or NFTs.
This currency is used to progress in the game or can be cashed out at cryptocurrency exchanges.
Players can also sell their Axie NFTs to other players.
Sky Mavis has since managed to raise US$150 million in funding to help reimburse affected users, a move that they hope will boost investor confidence.
*Featured image from Axie Infinity
By Samantha Chan \ 10:00, 25 April 2022