The Kim Jong-un regime has raised a total of $2.3 billion through cybercrime throughout its history.

How North Korean hackers steal millions of dollars worth of cryptocurrencies


Despite recent improvements, the cryptocurrency market remains a highly volatile and risky sector of the economy: a lack of government oversight and flaws in the development of services put market participants at risk of significant losses. This is an unintended consequence of the meteoric rise in popularity of a promising but still relatively new technology. In 2022, a hacker who breaks into a multinational firm in a time of crisis will typically walk away with usernames and passwords, while one who attacks a cryptocurrency service may walk away with hundreds of millions of dollars. The authorities in North Korea, cut off from the rest of the world's markets by international sanctions, are exploiting this situation with particular vigour. The United States government is combating cybercrime from the Democratic People's Republic of Korea with varying degrees of success, but so far the industry's own leaders are faring best, banding together against a "shared adversary."


They played big

Cryptocurrency startup Ronin, whose services are used by the makers of the world's most popular GameFi title, Axie Infinity, released an ominous statement on its website on the morning of March 29: “There has been a security compromise on the Ronin Network. We work directly with various government agencies to ensure that criminals are brought to justice.” A little later it emerged that the company had suffered the largest theft of cryptocurrency in history: hackers took 173,600 ether (ETH) and 25.5 million USDC (a stablecoin pegged to the dollar), worth roughly $625 million in total. The attackers turned out to be so competent that the hack was detected only six days later, when one of the game's users was unable to withdraw 5,000 ETH. In magnitude, the attack on Ronin surpassed the dramatic breach of the Poly Network protocol in August 2021, in which a hacker extracted $611 million in various cryptocurrencies.

That the hackers targeted Axie Infinity was not unexpected: only a month before the attack, the game's developers had sold more than $4 billion worth of non-fungible tokens (NFTs). Despite the rapid expansion and widespread popularity of the NFT business, no single series of tokens had ever sold for such a sum before. Some players have at times complained about the game's high cost of entry; as a result, the company introduced a "scholarship program" last year to reach a broader audience. The program was designed to pair players who lack the money to buy in with those who lack the time and expertise to play.

The fact that the project's members can earn money in their spare time helps explain its high profitability. To enter the game, players must purchase NFTs depicting creatures of different species. Once inside, they can raise the creatures, build kingdoms for them, train them to battle and breed, and so on. The project has its own internal economy in which players buy and sell resources for ether, which they earn while playing. The primary objective is to grow the collection of creatures and items. After the March 29 attack, however, trading inside Axie Infinity had to be halted as fans of the game and crypto specialists alike began to raise concerns about the service's overall security and reliability.



Ronin determined that the theft occurred after an attacker compromised the "validator nodes" of its blockchain bridge, a component that lets tokens or data move from one blockchain network to another even though the two networks' protocols, smart contracts, and governance models differ. A withdrawal is authorized when five of the nine validators approve it. According to company representatives, the hackers obtained the private keys of enough validators to reach that threshold, and "all evidence indicates that this attack was provoked by social engineering, rather than a technical error," meaning that skilful manipulation of the company's personnel was the key to success.
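As an added illustration of the approval model just described (example code, not Ronin's bridge or code from the original article): a Python simulation of a 5-of-9 validator bridge, with HMAC standing in for the validators' real signatures, plus the kind of reserve-drain alert that would have surfaced a 173,600 ETH withdrawal on the day rather than six days later. The validator keys, recipient address and reserve balance are constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed setting: a 5-of-9 validator bridge. The keys are placeholders, not real validator keys.
THRESHOLD = 5
VALIDATOR_KEYS = {
    f"validator-{i}": hashlib.sha256(f"constructed-key-{i}".encode()).digest()
    for i in range(9)
}

def withdrawal_digest(recipient: str, amount_eth: float, nonce: int) -> bytes:
    """Canonical digest of a withdrawal request; this is what each validator signs."""
    return hashlib.sha256(f"{recipient}|{amount_eth}|{nonce}".encode()).digest()

def validator_sign(validator: str, digest: bytes) -> bytes:
    """Stand-in for a validator's signature (HMAC instead of ECDSA to keep the example self-contained)."""
    return hmac.new(VALIDATOR_KEYS[validator], digest, "sha256").digest()

def count_valid_signers(digest: bytes, signatures: dict) -> int:
    """Number of distinct known validators whose signature over the digest verifies."""
    return sum(
        1 for v, sig in signatures.items()
        if v in VALIDATOR_KEYS and hmac.compare_digest(validator_sign(v, digest), sig)
    )

def bridge_approves(digest: bytes, signatures: dict) -> bool:
    """The bridge releases funds once the signature threshold is met, whoever holds the keys."""
    return count_valid_signers(digest, signatures) >= THRESHOLD

@dataclass
class ReserveMonitor:
    """Off-chain control: alert when a single withdrawal drains more than max_fraction of the reserve."""
    reserve_eth: float
    max_fraction: float = 0.05
    alerts: list = field(default_factory=list)

    def observe(self, amount_eth: float) -> bool:
        """Record an executed withdrawal and return True if it trips the alert."""
        tripped = amount_eth > self.reserve_eth * self.max_fraction
        if tripped:
            self.alerts.append(f"{amount_eth:,.0f} ETH exceeds {self.max_fraction:.0%} of reserve")
        self.reserve_eth -= amount_eth
        return tripped

if __name__ == "__main__":
    digest = withdrawal_digest("0xRECIPIENT_PLACEHOLDER", 173_600, nonce=1)
    sigs = {v: validator_sign(v, digest) for v in list(VALIDATOR_KEYS)[:5]}
    print("approved with 5 of 9 keys:", bridge_approves(digest, sigs))
    monitor = ReserveMonitor(reserve_eth=180_000)
    print("alert fired:", monitor.observe(173_600), monitor.alerts)
```

The threshold check is correct as a signature scheme and still approves the withdrawal: the contract cannot tell whether five keys were used by five operators or by one attacker, which is why the independent reserve monitor matters.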

Resurrected Lazarus

The US Treasury Department blamed the hack on the North Korean Lazarus Group in a statement published on April 14 that attributed the attack to the group and identified the perpetrators. The involvement of cybercriminals from the Democratic People's Republic of Korea was confirmed the same day by the blockchain analytics company Chainalysis. Lazarus Group, also known as the Guardians of Peace and the Whois Team, has been blamed by authorities for a series of cyberattacks between 2010 and 2021.

According to the US Treasury Department, the organization, which consists of two units (Bluenoroff and Andariel), was established in 2007 and operates under the direction of the North Korean General Staff's Intelligence Directorate. According to the United Nations, cryptocurrency theft is an "essential source of cash" for Pyongyang's nuclear and ballistic missile programs, which are being crippled by sanctions from the United States and other countries. In 2021, the National Intelligence Agency of the United States reached a similar conclusion.


According to Chainalysis, North Korean cybercriminals managed to steal approximately $499 million in cryptocurrencies in just one year in 2021, and the United States and the United Nations have reported that the Kim Jong-un regime has raised a total of $2.3 billion through cybercrime throughout its history.

Defectors who have fled North Korea say that local hackers are sent to the Chinese city of Shenyang, considered one of that country's most educated cities, for special training, where they learn to plant various kinds of malicious programs on computers, networks, and servers. At home, future hackers receive their qualifications at universities such as the Kim Chaek Polytechnic Institute, Kim Il Sung University, and Moranbong University; these institutions select the most capable students from across the country and train them for six years in various fields. According to estimates from the United States Department of Defense and South Korea, the unit responsible for military cyber operations inside the General Staff's Intelligence Directorate, known as Bureau 121, now has more than 6,000 people.

Over the decade of Kim Jong-un's rule, his army of hackers has launched scores of successful attacks on some of the world's largest corporations and financial institutions. Lazarus is held responsible for breaking into Sony Pictures Entertainment's network in 2014 and releasing personal documents, emails, and phone numbers of studio employees to the public. The attack was carried out to put pressure on the studio, which was about to release the comedy The Interview, a satire of North Korea's leader and his regime.

Lazarus is also held responsible for the devastating WannaCry 2.0 ransomware attack of 2017, which infected at least 500,000 systems belonging to individuals, businesses, and governments in more than 200 countries, including the United States. Many organizations around the world, including hospitals, airports, banks, and factories, were forced to halt operations as a result. The most severe impact was felt in the United Kingdom, where a third of clinics were forced to postpone treatments, tests, and life-saving surgeries.

Before the Ronin attack, Lazarus' most infamous crime was the carefully planned raid on a central bank's account at an American federal bank, which garnered widespread attention. In 2018, the group sent 35 bogus payment requests over the SWIFT financial messaging network in an attempt to steal approximately $1.1 billion belonging to the Central Bank of Bangladesh from its account at the Federal Reserve Bank of New York. Fifteen of the 35 requests were approved, and the hackers stole $101 million, of which $20 million went to Sri Lanka and $81 million to the Philippines.



According to the United States Treasury, Lazarus has successfully targeted at least 16 institutions in 13 countries (Bangladesh, Chile, India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, Vietnam, and others). The theft from Axie Infinity came after a two-year lull: the group's previous known operation, at the end of 2020, targeted pharmaceutical companies, in particular the Anglo-Swedish corporation AstraZeneca, which manufactures coronavirus vaccines, along with other firms.

Regulatory impotence

On the same day it attributed the hack, the Office of Foreign Assets Control (OFAC) of the United States Department of the Treasury sanctioned the crypto address to which Lazarus had withdrawn the stolen funds. The sanctions prohibit US persons and businesses from transacting with the wallet, which is meant to stop the hackers cashing out through cryptocurrency exchanges in the United States. Because the designation did not come until 15 days after the attack, the attackers had already been able to launder roughly a fifth (18 percent) of the stolen funds, according to research by the blockchain analytics firm Elliptic, which blames the delay on the American intelligence agencies. After moving $80.3 million in ether out and depositing another $9.7 million in ether into "intermediate" wallets used for laundering, the gang still had $433 million in the original wallet as of April 14.

The hackers continued to launder money despite the restrictions. On April 22, OFAC sanctioned three more addresses used by the attackers after they moved stolen ether worth $150 million into them. Elliptic, however, notes that the hackers were able to move about $1.2 million out of those addresses on the day the new restrictions were announced by the US authorities. By April 22, the original wallet Lazarus used in the attack held just $281 million in assets, less than half of the total stolen.

The United States has sanctioned Lazarus before. The Treasury Department first designated the group in 2019 for its part in the 2014 Sony Pictures breach and the disastrous WannaCry ransomware attack. Associated Press writers noted at the time that "the acts of the United States government are enabling the freezing of any assets that hacking organizations may have inside the jurisdiction of US financial institutions - although such assets are likely to be very few, if any, in existence." In February 2021, just before the Axie Infinity event, the US Department of Justice charged three alleged Lazarus members, Park Jin-hyuk, John Chang-hyuk, and Kim Il, for their roles in multiple cyber campaigns.

Only Binance, the world's biggest cryptocurrency exchange, through which the hackers attempted to launder assets, has made significant progress in undoing the consequences of the attack. On April 22, when a portion of the stolen assets was traced to 86 separate accounts on the platform, the exchange's engineers were able to halt the transactions and recover $5.8 million from the criminals. According to Changpeng Zhao, CEO of Binance, "we have done this many times previously for different initiatives."

Researchers found that the hackers converted 26 million USDC into ether through decentralized exchanges (DEXs) to avoid having their stablecoins frozen: stablecoins are controlled by their issuing companies, and in some cases tokens linked to illegal activity can be confiscated. By converting the USDC on a decentralized exchange, the hackers also evaded the anti-money laundering (AML) and Know Your Customer (KYC) requirements that centralized exchanges enforce.


In an unexpected move, the North Korean hackers laundered $16.7 million worth of bitcoin by trading it on three centralized cryptocurrency platforms, according to the FBI. After those platforms publicly announced that they would cooperate with law enforcement to identify and prosecute the hackers, the attackers changed tactics once again. Lazarus turned to the Tornado Cash "cryptomixer," a tool for laundering stolen digital money that has gained widespread popularity in recent years. The service breaks the on-chain link between the sender and the recipient of ether, allowing transactions to be conducted with their origin concealed.

Binance recovered the criminals' funds even though the stolen bitcoin reached the exchange in "disguised" form, having passed through a mixer. According to another company spokesperson, "we collaborated with industry-leading blockchain analytics businesses and instantly froze money when it was revealed that there was an effect on our platform." Although the exchange recovered only a tiny fraction of the stolen $625 million, analysts are optimistic that this success will pave the way for recovering the rest of the money, which is now held in bitcoin.

The third-party freeze, according to Chainalysis, is a "victory" for all victims of the Ronin cyberattack. It has also been revealed that the business that controls the cryptomixer Tornado Cash is now working on a solution to ban sanctioned wallets.
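The screening described in this section, from the OFAC designations and the "intermediate" wallets funds were routed through to the wallet ban Tornado Cash is said to be building, comes down to asking whether an incoming address sits within a few transfer hops of a designated one. An added example, not code from Elliptic, Binance or Tornado Cash: a Python screen that runs a breadth-first search over a constructed transfer graph. The sanctioned address and all transfers are placeholders.

```python
import re
from collections import deque

# Constructed placeholder standing in for an OFAC-designated address (not a real sanctioned address).
SANCTIONED = {"0x" + "a" * 40}
ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr: str) -> str:
    """Validate the hex form and lowercase it so EIP-55 mixed-case and lowercase spellings compare equal."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return addr.lower()

def build_graph(transfers: list) -> dict:
    """Adjacency map sender -> set of recipients, built from (sender, recipient, amount_eth) records."""
    graph = {}
    for src, dst, _amount in transfers:
        graph.setdefault(normalize(src), set()).add(normalize(dst))
    return graph

def taint_hops(address: str, graph: dict, sanctioned=SANCTIONED, max_hops: int = 3):
    """Fewest transfer hops from any sanctioned address to `address`; None if none within max_hops."""
    target = normalize(address)
    frontier = {normalize(a) for a in sanctioned}
    if target in frontier:
        return 0
    seen, queue = set(frontier), deque((a, 0) for a in frontier)  # BFS forward along transfers
    while queue:
        node, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for nxt in graph.get(node, ()):
            if nxt == target:
                return hops + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return None

def screen_deposit(address: str, graph: dict, max_hops: int = 3) -> str:
    """Decision an exchange (or a mixer front end) might apply to an incoming deposit."""
    hops = taint_hops(address, graph, max_hops=max_hops)
    if hops is None:
        return "allow"
    return "block" if hops == 0 else "hold_for_review"

# Constructed transfer records: designated wallet -> two "intermediate" wallets -> exchange deposit address.
ADDR = {n: "0x" + c * 40 for n, c in [("sanctioned", "a"), ("hop1", "b"), ("hop2", "c"), ("deposit", "d")]}
EXAMPLE_TRANSFERS = [
    (ADDR["sanctioned"], ADDR["hop1"], 80_300.0),
    (ADDR["hop1"], ADDR["hop2"], 9_700.0),
    (ADDR["hop2"], ADDR["deposit"], 1_200.0),
]
```

The hop limit is the policy knob: a deposit three hops from a designated wallet is held for review here, while the same deposit passes with `max_hops=2`, which is the trade-off between catching layered funds and flagging unrelated users.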


Collective responsibility

According to Chainalysis, cryptocurrency hackers set a new record for theft in 2022, stealing digital assets worth a total of $1.3 billion in the first three months of the year. Then in April, a few days after the attack on Ronin, another large breach occurred: an unknown individual took $182 million in digital assets from the blockchain-based Beanstalk crypto project.

Hackers have done extensive research into the vulnerabilities of the burgeoning crypto-economy. They have figured out how to exploit defects in the code of decentralized platforms, and they have mastered the tools that help conceal criminal activity, such as mixers and privacy-focused cryptocurrencies such as Monero. Furthermore, a lack of international law enforcement cooperation in the cryptocurrency area contributes to the growth of cybercrime in the space.

The writers at the Washington Post feel that the fact that Lazarus still has access to the money taken from Axie Infinity, even more than a month after the theft, demonstrates that national authorities' capacity to prevent unlawful cryptocurrency transfers is highly restricted. Despite the fact that the United States government "continues to take subversive measures against organizations that facilitate the movement of stolen virtual currency" and "calls on the crypto community to lock their digital doors," experts say the government should do more to prevent the spread of stolen virtual currency.

Experience has shown that a single highly skilled coder can do more than the whole government of a nation. In January 2021, a hacker working under the alias P4x was himself hacked by a North Korean outfit operating under cover of anonymity. The group had launched an extensive effort to steal knowledge about software vulnerabilities from Western organizations, and P4x was only one of the victims. Approximately two weeks later, North Koreans started to complain about significant connectivity problems. Almost all of the country's few websites were being knocked offline on a regular basis; outages hit even the official website of the DPRK government. P4x later claimed that he alone was responsible for "bringing down" the Internet of an entire nation.

Fighting crime in the cryptocurrency sector has proven harder for governments than other kinds of prosecution, because it requires the coordinated efforts of law enforcement agencies from all over the world as well as close collaboration with representatives of the cryptocurrency industry itself. At present, nations are moving at very different speeds in combating cybercrime; many of them allow "gray zones" free of regulation to form, letting criminals move from legitimate sites to less regulated corners of the internet ecosystem. Beyond that, cryptocurrency firms must strengthen their security mechanisms voluntarily, on their own initiative. Experts in digital currency believe that only collaborative efforts can prevent hacks in the field of decentralized finance; the burden rests with each individual nation and each individual company.