North Korean-tied hackers had been accountable for a US$620mil (RM2.62bil) cryptocurrency heist final month focusing on gamers of the favored Axie Infinity recreation, US authorities mentioned Thursday.
The hack was one of many greatest to hit the crypto world, elevating large questions on safety in an business that solely just lately burst into the mainstream because of superstar promotions and guarantees of untold wealth.
Last month’s theft from the makers of Axie Infinity, a recreation the place gamers can earn crypto via recreation play or buying and selling their avatars, got here simply weeks after thieves made off with round US$320mil (RM1.35bil) in an identical assault.
“Through our investigations we had been in a position to affirm Lazarus Group and APT38, cyber actors related to (North Korea), are accountable for the theft,” the FBI mentioned in an announcement.
Lazarus Group gained notoriety in 2014 when it was accused of hacking into Sony Pictures Entertainment as revenge for “The Interview,” a satirical movie that mocked North Korean chief Kim Jong Un.
North Korea’s cyber-program dates again to not less than the mid-Nineteen Nineties, however has since grown to a 6,000-strong cyber-warfare unit, referred to as Bureau 121, that operates from a number of nations together with Belarus, China, India, Malaysia and Russia, in line with a 2020 US army report.
John Bambenek, a menace analyst with digital safety agency Netenrich, mentioned North Korea is “distinctive” in using teams devoted to cryptocurrency theft.
“As North Korea is highly-sanctioned, cryptocurrency thefts are additionally a nationwide safety curiosity for them,” he mentioned.
North Korean hackers stole round US$400mil (RM1.69bil) value of cryptocurrency via cyberattacks on digital foreign money retailers final yr, blockchain knowledge platform Chainalysis mentioned in January.
In the case of the Axie Infinity heist, attackers exploited weaknesses within the set-up put in place by the Vietnam-based agency behind the sport, Sky Mavis.
The firm needed to resolve an issue: the ethereum blockchain, the place transactions within the ether cryptocurrency are logged, is comparatively gradual and costly to make use of.
To permit Axie Infinity gamers to purchase and promote at velocity, the agency created an in-game foreign money and a sidechain with a bridge to the principle ethereum blockchain.
The outcome was quicker and cheaper — however finally much less safe.
The assault focusing on its blockchain netted 173,600 ether and $25.5 mil (RM107.98mil) value of stablecoin, a digital asset pegged to the US greenback. – AFP
