16 April 2022

THE 'GOTCHA' BLAME-GAME: Attacks Foiled After The Fact...Never In-Process

Intro: This attack is the largest crypto hack in history; the previous most significant theft of cryptocurrency was the $611 million Poly Network hack from August 2021.
NOTE THE NAME: The Lazarus Group, a Biblical reference to someone who miraculously rose from the dead.
The Lazarus Group (tracked as HIDDEN COBRA by the United States Intelligence Community) is a North Korean military hacking group active for more than a decade, since at least 2009. Its operators are linked to multiple high-profile hacks, including the 2017 global WannaCry ransomware campaign and attacks against Sony Films and various banks worldwide.
Google also spotted the Lazarus Group's attempts to target security researchers in January 2021 and March 2021 as part of complex social engineering attacks. The US Treasury sanctioned three DPRK-sponsored hacking groups (Lazarus, Bluenoroff, and Andariel) in September 2019. The US government also offers a reward of up to $5 million for tips on the DPRK hackers' malicious activity to help identify or locate them.
Here are snippets of two reports from the past two days, one after the other. The first is taken from The Verge; the second is taken from Bleeping Computer.

US blames North Korean hacker group for $625 million Axie Infinity theft

The US Department of Treasury says Lazarus is behind the attack

"The US Treasury Department blames North Korean hacking group Lazarus for stealing $625 million in cryptocurrency from the Ronin network, the blockchain backing the Axie Infinity play-to-earn crypto game, according to a report from Vice. On Thursday, the Department of Treasury updated sanctions to include the wallet address that received the funds and attributed it to the Lazarus group.

In an updated post about the incident, the Ronin network, which is owned by developer group Sky Mavis, explains the US Department of Treasury and FBI have pinned the attack on Lazarus. “We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” the post reads. “We expect to deliver a full post mortem that will detail security measures put in place and next steps by the end of the month.” Ronin says it will bring its bridge back online “by the end of the month.” The bridge allows users to transfer funds between other blockchains and Axie Infinity and has been blocked off since the attack.

As noted by Vice, the flagged wallet address currently contains over $445 million USD (148,000 Ethereum) and sent almost $10 million (3,302.6 ETH) to another address less than a day ago. Crypto transaction tracker Etherscan labels the address as “reported to be involved in a hack targeting the Ronin bridge.”

On March 29th, hackers made off with $625 million worth of Ethereum in one of the biggest crypto heists to date. According to cryptocurrency investigation group Chainalysis, the Lazarus group is tied to North Korea’s intelligence agency and was responsible for seven attacks last year. The group gained notoriety for hacking Sony Pictures in 2014, leaking The Interview, a comedy set in North Korea directed by Seth Rogen. It later used Trojan malware to steal millions from ATMs across Asia and Africa in 2018 and has also been linked to WannaCry ransomware.

Reference: https://www.theverge.com/2022/4/14/23025739/north-korean-hacker-lazarus-axie-infinity-cryptocurrency-hack-theft-us-blames


FBI links largest crypto hack ever to North Korean hackers

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge.

The Federal Bureau of Investigation (FBI) said two North Korean hacking groups, Lazarus and BlueNorOff (aka APT38), were behind last month's Ronin hack.

"Through our investigation, we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th," the FBI said.

"The FBI, in coordination with Treasury and other U.S. Government partners, will continue to expose and combat the DPRK's use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime."

...On March 29, Sky Mavis disclosed that the Ronin bridge was hacked, with 173,600 Ethereum and 25.5M USDC tokens stolen in two transactions [1 and 2], worth over $617 million.

Sky Mavis also published an update to their initial blog post disclosing the attack, saying the FBI now attributes the attack to the North Korean-backed Lazarus Group hacking group.

"Today, the FBI attributed North Korea based Lazarus Group to the Ronin Validator Security Breach," Sky Mavis said today..."

Reference: https://www.bleepingcomputer.com/news/security/fbi-links-largest-crypto-hack-ever-to-north-korean-hackers/
