Axie Infinity, the famous metaverse game, suffered the biggest cryptocurrency hack of all time, losing more than $600 million worth of Ethereum and USDC on March 23 this year.
137,600 Ethereum and 25.5 million USDC were drained from the Ronin Bridge between Axie and the Ethereum blockchain.
The incident came to light 6 days later, when an Axie member was unable to withdraw 5,000 Ethereum. Axie and Binance paused Ronin operations, and investigations started straight away.
A human error from December 2021 at Axie's end and social engineering were identified as the causes of the hack, but it was not known who was behind the attack until the FBI and the U.S. Department of the Treasury confirmed it.
The FBI and the U.S. Department of the Treasury have confirmed that the hack was carried out by the North Korean government-backed cybercrime group "Lazarus".
Lazarus itself, its affiliates, and their crypto-wallet addresses have been sanctioned by the U.S. Treasury Department.
The investigative and cryptocurrency-tracking firms Elliptic and Chainalysis agree with the findings. They have been assisting the crime investigators ever since the Axie Infinity hack happened.
Formerly known as Hidden Cobra, Zinc, or Guardians of Peace, the notorious Lazarus group primarily carries out cyber espionage and phishing attacks by implanting malware, thereby collecting ransoms and/or draining money and cryptocurrencies out of companies' accounts.
They have mostly targeted South Korea, as well as centralized exchanges and banks in 31 more countries, and they perpetrated the Sony and Bangladesh Reserve Bank hacks.
According to many intelligence reports, the funds Lazarus accumulates through cybercrime are said to go toward the North Korean nuclear test program, although the North Korean government has denied the existence of the group all along.
Major cryptocurrency exchange Binance has recovered part of the stolen crypto.
The CEO of Binance, Changpeng Zhao [also known as CZ], has announced that $5.8 million worth of the stolen cryptocurrency has been recovered from the hackers' wallets.
The announcement was published in a report on CoinMarketCap, which Binance owns.
When the hack happened, a fresh wallet address and a meagre amount of Ethereum to cover the transactions' gas fees were used.
Lazarus had acquired the address and the Ethereum for gas through a Binance wallet, and the stolen amount was distributed to 3 more addresses within the same exchange and to some addresses at FTX.
Lazarus started moving the funds on April 22. Some of the crypto was sent to 86 Binance wallet addresses.
Binance had previously assured Axie owner Sky Mavis that it would assist in the investigation in every possible way, and it had also raised funds to reimburse and compensate the people most affected by the hack.
Decentralised exchange Tornado Cash [TORN] has blocked Lazarus addresses on its platform. After the U.S. Treasury Department's announcement about Lazarus and its affiliates, TORN blocked all the addresses associated with Lazarus on its platform, in compliance with the U.S. sanctions.
Roman Semenov, the co-founder of TORN, said that the changes were made at the frontend [dApp level] to prevent Lazarus from accessing the stolen assets.
The Chainalysis oracle smart contract was used to block the sanctioned addresses. It created a contract that blocked the sanctioned addresses through 3 transactions. In total, the oracle froze 24 addresses.
TORN is a decentralised protocol that breaks the on-chain link between source and destination addresses and thus makes transactions anonymous and untraceable. For this reason, it is preferred by many who try to move their funds secretly.
Lazarus intended to transfer the stolen crypto and conceal the transactions. So, just a few days after the Axie Infinity hack, they moved 2,000 Ethereum [in 20 transfers of 100 Ethereum each] from their wallet to TORN on April 4, according to on-chain data.