Axie Infinity successfully recovered $30 million worth of stolen cryptocurrency.
Last March, Axie Infinity reported that its systems had been breached by North Korea-linked hackers who stole 173,600 ether (ETH) and 25.5 million USDC, worth about $620 million at the time.
However, today, at the AxieCon event, the company announced that, with the help of the U.S. government, FBI agents, and leading organizations in the cryptocurrency industry, more than $30 million worth of cryptocurrency was seized back from the hackers.
The massive cryptocurrency hack was allegedly carried out by the Lazarus group, a threat group linked to North Korea.
Axie Infinity Recovers $30 Million
Axie Infinity's recovery of the stolen funds was a collaborative effort between private organizations in the blockchain and cybersecurity fields and multiple branches of law enforcement.
Chainalysis, which also contributed to the recovery, reported that its Crypto Incident Response team used advanced tracing methods to follow the stolen assets and coordinated with law enforcement and industry players to freeze accounts quickly.
Chainalysis stated that the effort shows that even the most skilled launderers can be stopped when regulatory experts, world-class investigators, and the right blockchain analysis tools work together.
As a result, it will now get harder for criminal actors to successfully cash out their illicit cryptocurrency earnings.
Although there is still more to be done, this marks a significant advancement in their efforts to secure the cryptocurrency ecosystem.
Axie Infinity's Hack by the Lazarus Group
Axie Infinity's massive cryptocurrency breach began with a social engineering campaign that the threat actors aimed at its employees.
The Lazarus group posted a fake job offer on LinkedIn, posing as an employer looking to hire an experienced candidate.
A senior engineer at the company took interest in the post and applied.
After a lengthy series of interviews, the applicant was sent a PDF file that supposedly detailed the job.
However harmless a PDF file may look, the hackers used that file as their entry point into the Ronin system, and the breach started from there.
The hackers then accessed five of the nine private keys held by the transaction validators for the cross-chain bridge used by the Ronin Network; that was the real start of the attack.
With those keys, they approved withdrawals of 25.5 million USD Coin (USDC) and 173,600 ether (ETH).
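The five-of-nine validator threshold described above is what decided whether the stolen keys were enough to drain the bridge. The following added example (not Ronin's or Axie Infinity's code; the validator names, secrets, withdrawal request and HMAC-simulated signatures are all constructed for illustration) models that threshold check and shows how the chosen threshold sets the trade-off between how many key compromises a bridge tolerates and how many validators may be offline before it stalls:

```python
"""Model of an m-of-n validator threshold on a cross-chain bridge.

Added illustration, not Ronin's or Axie Infinity's code. Validator names,
secrets and the withdrawal below are constructed; signatures are simulated
with HMAC-SHA256 under per-validator secrets in place of the on-chain ECDSA
signatures a real bridge would verify.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Withdrawal:
    recipient: str
    asset: str
    amount: int   # in the asset's smallest unit
    nonce: int    # unique per withdrawal so an approved message cannot be replayed

    def digest(self) -> bytes:
        msg = f"{self.recipient}|{self.asset}|{self.amount}|{self.nonce}".encode()
        return hashlib.sha256(msg).digest()


def sign(secret: bytes, w: Withdrawal) -> bytes:
    """Simulated validator signature over the withdrawal digest."""
    return hmac.new(secret, w.digest(), hashlib.sha256).digest()


class Bridge:
    """Releases funds only when at least `threshold` distinct validators have signed."""

    def __init__(self, validator_secrets: dict[str, bytes], threshold: int):
        if not 1 <= threshold <= len(validator_secrets):
            raise ValueError("threshold must lie between 1 and the validator count")
        self.secrets = validator_secrets
        self.threshold = threshold
        self.processed = set()

    def approve(self, w: Withdrawal, signatures: dict[str, bytes]) -> bool:
        if w.nonce in self.processed:
            return False  # replay of an already-released withdrawal
        valid = {
            v for v, sig in signatures.items()
            if v in self.secrets and hmac.compare_digest(sig, sign(self.secrets[v], w))
        }
        if len(valid) < self.threshold:
            return False
        self.processed.add(w.nonce)
        return True


def safety_margin(threshold: int) -> int:
    """Validator keys an attacker can hold without being able to forge a withdrawal."""
    return threshold - 1


def liveness_margin(n_validators: int, threshold: int) -> int:
    """Validators that can be offline while the rest can still reach the threshold."""
    return n_validators - threshold


# Constructed scenario: nine validators with a five-of-nine threshold.
SECRETS = {f"validator-{i}": hashlib.sha256(f"constructed-secret-{i}".encode()).digest()
           for i in range(1, 10)}
REQUEST = Withdrawal("0x0000constructed-recipient", "USDC", 25_500_000 * 10**6, nonce=1)


def holders_can_withdraw(held: list[str], threshold: int) -> bool:
    """True if signatures from only the listed validators are enough to release funds."""
    bridge = Bridge(SECRETS, threshold)
    sigs = {v: sign(SECRETS[v], REQUEST) for v in held}
    return bridge.approve(REQUEST, sigs)


if __name__ == "__main__":
    five = [f"validator-{i}" for i in range(1, 6)]
    print("5 keys, 5-of-9:", holders_can_withdraw(five, 5))   # True
    print("5 keys, 7-of-9:", holders_can_withdraw(five, 7))   # False
    print("safety / liveness at 5-of-9:", safety_margin(5), liveness_margin(9, 5))
```

Raising the threshold from 5-of-9 to 7-of-9 means the same five keys no longer release funds, but only two validators can then be offline before the bridge stalls. The check also rejects a replayed approval and a signature made under the wrong secret, two conditions a bridge contract must enforce alongside the signature count.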
According to BleepingComputer, the money-laundering scheme typically used by North Korea involves roughly five stages.
First, the Ethereum tokens are sent to intermediary wallets.
Second, the funds enter Tornado Cash in batches.
Third, the ether is swapped for Bitcoin.
Fourth, the Bitcoin is mixed in batches.
Fifth, the holdings are deposited with crypto-to-fiat services for cashout.
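Chainalysis's tracing described earlier and the five laundering stages just listed both come down to following value through a transaction graph. The following added example, not Chainalysis's tooling or the Ronin investigators' code, replays a constructed ledger (placeholder addresses and amounts, not real chain data) from the exploit wallet through intermediary wallets, propagates a proportional taint so that clean inflows dilute it rather than erase it, and reports which flagged services (a mixer contract and an exchange deposit address in the example) the funds reached, together with the hop path and tainted amount an investigator would hand to the service when asking for a freeze:

```python
"""Follow stolen funds through intermediary wallets on a transaction ledger.

Added illustration of the tracing idea behind blockchain analysis, not
Chainalysis's method or tooling. The ledger, balances and address labels
below are constructed placeholders, not real chain data. Taint is propagated
with the proportional ("haircut") rule: each transfer carries the same
tainted fraction as the sender's balance at that moment.
"""
from collections import defaultdict, deque

# Constructed ledger in chronological order: (sender, recipient, amount in ETH).
LEDGER = [
    ("exploit-wallet", "intermediary-A", 100.0),
    ("exploit-wallet", "intermediary-B", 50.0),
    ("intermediary-A", "intermediary-C", 60.0),
    ("intermediary-A", "unrelated-shop", 1.0),
    ("honest-user", "intermediary-C", 5.0),     # clean inflow mixes with stolen funds
    ("intermediary-C", "mixer-contract", 60.0),
    ("intermediary-B", "exchange-deposit-1", 50.0),
]
INITIAL_BALANCES = {"exploit-wallet": 150.0, "honest-user": 5.0}
# Services an investigator would contact to freeze funds once they arrive.
FLAGGED = {"mixer-contract": "mixer", "exchange-deposit-1": "exchange deposit"}


def trace_paths(ledger, origin, max_hops=10):
    """Breadth-first search over transfers; returns {address: hop path from origin}."""
    graph = defaultdict(list)
    for sender, recipient, _ in ledger:
        graph[sender].append(recipient)
    paths = {origin: [origin]}
    queue = deque([origin])
    while queue:
        current = queue.popleft()
        if len(paths[current]) - 1 >= max_hops:
            continue
        for nxt in graph[current]:
            if nxt not in paths:
                paths[nxt] = paths[current] + [nxt]
                queue.append(nxt)
    return paths


def haircut_taint(ledger, origin, initial_balances):
    """Replay the ledger, carrying tainted value proportionally along each transfer."""
    balance = defaultdict(float, initial_balances)
    tainted = defaultdict(float)
    tainted[origin] = balance[origin]          # everything the origin holds is stolen
    for sender, recipient, amount in ledger:
        if amount <= 0:
            continue
        if amount > balance[sender] + 1e-9:
            raise ValueError(f"{sender} overdraws its modelled balance")
        fraction = tainted[sender] / balance[sender]
        moved = amount * fraction
        balance[sender] -= amount
        tainted[sender] -= moved
        balance[recipient] += amount
        tainted[recipient] += moved
    return dict(tainted)


def freeze_candidates(ledger, origin, initial_balances, flagged):
    """Flagged services reached by the funds, with hop path and tainted amount."""
    paths = trace_paths(ledger, origin)
    tainted = haircut_taint(ledger, origin, initial_balances)
    return {
        addr: {"kind": kind, "path": paths[addr], "tainted": round(tainted[addr], 4)}
        for addr, kind in flagged.items() if addr in paths
    }


if __name__ == "__main__":
    report = freeze_candidates(LEDGER, "exploit-wallet", INITIAL_BALANCES, FLAGGED)
    for addr, info in report.items():
        print(addr, info)
```

In the constructed ledger the mixer receives 60 ETH of which about 55.38 ETH is tainted, because 5 ETH of clean funds entered intermediary-C first; the exchange deposit receives 50 ETH that is entirely tainted. The ordering of transfers matters for the haircut rule, so a real replay must process transactions in block order, and the hop limit keeps the search from wandering indefinitely through long peel chains.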
Hacking in the Cryptocurrency Industry
It is estimated that the overall financial damage caused by Lazarus's Axie Infinity attack was $620 million.
However, the recovered money represented only roughly 5% of that value and 10% of the cryptocurrency amount.
Even so, the blow to the Lazarus group is significant, since it demonstrates that illegitimately obtained digital assets are difficult to move, launder, and ultimately convert into fiat currency.
Given that the Lazarus group is widely considered among the most technically advanced and experienced hacking groups, the message sent by law enforcement has also had a ripple effect throughout the wider DeFi hacking community.