North Korean hackers behind $600 million crypto heist says FBI

Backed by the state, hackers operate from various locations in Asia.
Ameya Paleja
Cyber hackers are backed by North Korean stateDmitry Nogaev/ iStock

Cyber actors such as the Lazarus Group and APT38, from North Korea, have been confirmed by the Federal Bureau of Investigation (FBI) to be involved in the $600-million crypto-heist that took place last month, the investigation agency said in a press release

Earlier this year, we had reported that North Korean cybercriminals made away with over $400 million in 2021 alone. These actors are backed by the North Korean state and have made a bold start to 2022 after pulling off what is believed to be the biggest theft of cryptocurrency ever. 

The $600 million cryptoheist

As we had reported last month, the incident occurred on the 23rd of March, when the cybercriminals attacked the Ronin network, which is used as a platform to operate the popular battle game Axie Infinity. 

The network operates with nine validator nodes and requires at least five validator signatures to recognize a deposit or withdrawal. The attackers managed to get control of four of the network's validators and abused a backdoor feature in the network to get a validator usually used by Axie.  

Using these five validators, the cyber attackers were successful in forging fake withdrawals to the tune of about $620 million, as confirmed in the FBI press release. 

North Korean state-backed hacking

The U.S. investigations have linked the heist to Lazarus and APT38 groups of cyber hackers that have been associated with other hacks in the past. Both these groups are backed by the North Korean state and are believed to be part of the 6,000-strong cyber warfare unit that the country operates.

According to a United Nations report published earlier this year, the North Korean state is using stolen crypto assets to fund its missile development program. Two weeks ago, the country tested an intercontinental ballistic missile with the highest range in its own history and carried out a series of missile tests last year as well. 

Along with the UN, the U.S. has also imposed sanctions on the country. However, to avoid these sanctions, the attackers work from different Asian countries such as China, Belarus, Russia, Malaysia, and India, BBC said in its report.

 

message circleSHOW COMMENT (1)chevron