Crypto hackers reportedly linked to North Korea nabbed about 620 million USD of cryptocurrency from the players of the popular game Axie Infinity. This was one of the biggest heists since the crypto industry burst into the mainstream scene with celebrity endorsements and sweet talks of immense wealth.
Reportedly, the heist occurred on 29th March and the US Treasury Department recently blamed North Korean hacker group, Lazarus.
Who are Crypto Hackers Targetting Axie Infinity Game?
Crypto hackers reportedly stoke the currency from Ronin Network, a Blockchain behind the play-to-earn game Axie Infinity. It is a game where players can earn cryptocurrency by playing or trading their avatars.
FBI blamed Lazarus Group for the theft. This cybercrime group is related to the North Korean state. It came to the spotlight in 2014 after facing allegations of hacking Sony Pictures Entertainment for the movie “The Interview”. According to the reports, they did it as revenge because a satirical film starring Seth Rogan and James Franco made fun of North Korea’s dictator Kim Jong-un.
Cyber Power of North Korea
North Korean cyber technology is in place since the 90s, but it has grown into a full-fledge cyber-warfare system called Bureau 121. Reportedly, it has 6000 strong cyber units operating from multiple countries including China, Russia, Belarus, Malaysia, and India.
A US-based IT service management company Netenrich said that North Korea had a unique way of hiring groups specialized in hacking cryptocurrency. The company further said that since North Korea is heavily sanctioned, stealing cryptocurrency is a national security interest for them. According to reports, last year North Korean crypto hackers stole around 400 million USD worth of cryptocurrency by attacking various digital currency outlets. Some reports claim that they were also behind the WannaCry Ransomware attack in 2017.
These hackers typically use code exploits, phishing lures, and malware to siphon funds from the hot wallets and move them to addresses controlled by the North Korean state.
Weakness in the System
In the case of Axie Infinity game, crypto hackers exploited a few weaknesses in the system installed by Vietnam-based firm Sky Mavis. The company was facing a problem with Ethereum Blockchain, which was incredibly slow and expensive. In order to optimize the speed at which Axie Infinity players can buy or sell, the firm built an in-game currency and Ronin Network, a sidechain network connecting to the main Ethereum blockchain with a bridge. This bridge helped Axie Infinity players to transfer funds between the game and other blockchains. It made the results faster and cheaper but also less secure. Hackers targetted the sidechain and stole more than 173,000 Ethereum plus 25 million USD worth of Stablecoin.
Sky Mavis has blocked the Ronin bridge due to the theft. It told the media that it will reinstate the system after taking some security measures. According to reports, it will be nearly one month for the Axie Infinity crypto network to come back online.