The US authorities are celebrating after grabbing about 10% of the cryptocurrency stolen by North Korean state hackers in the notorious Ronin Network heist in March.
In total, around $30m was seized as part of the digital raid – the first time ever that cryptocurrency stolen by the reclusive nation has been taken back, according to Chainalysis.
Around $618m was originally stolen from Ethereum sidechain Ronin Network, created by Vietnamese blockchain game developer Sky Mavis. This included 173,600 Ether ($592m at the time) and $25.5m in two transactions, although the price of digital currency has fluctuated since.
“We have proven that with the right blockchain analysis tools, world-class investigators and compliance professionals can collaborate to stop even the most sophisticated hackers and launderers,” said Chainalysis, which helped with the investigation.
“There is still work to be done, but this is a milestone in our efforts to make the cryptocurrency ecosystem safer.”
The threat actors had accessed five of the nine private keys held by transaction validators for Ronin Network’s cross-chain bridge, according to Chainalysis. After using this majority to approve the withdrawals, they began a complex laundering process involving a staggering 12,000 discrete crypto addresses.
Initially, Lazarus Group hackers would send the stolen Ether to intermediary wallets and then to mixing service Tornado Cash. Ether is then swapped for Bitcoin, mixed again in batches and finally deposited in crypto-to-fiat services for cashing out.
However, Tornado Cash was subsequently sanctioned by the US Treasury for its role in the laundering of these funds, forcing Lazarus to try a different tactic. It used decentralized finance (DeFi) services to chain hop, or switch between several different kinds of crypto-currencies in a single transaction.
“Bridges serve an important function to move digital assets between chains and most usage of these platforms is completely legitimate. Lazarus appears to be using bridges in an attempt to obscure source of funds. With Chainalysis tools these cross-chain funds movements are easily traced,” the firm claimed.
Although the sum seized is relatively small, it will send an important message to digital thieves. Chainalysis is confident of more to come.
“Much of the funds stolen from Axie Infinity remain unspent in cryptocurrency wallets under the hackers’ control,” it concluded. “We look forward to continuing to work with the cryptocurrency ecosystem to prevent them and other illicit actors from cashing out their funds.”