A pair of suspected North Korean state-sponsored hacking groups is behind the March 29 theft of $620 million worth of Ethereum cryptocurrency, according to the U.S. Federal Bureau of Investigation (FBI).
In a Thursday press statement, the FBI said its investigators “were able to confirm Lazarus Group and APT38” were behind the cryptocurrency theft. Lazarus Group and Advanced Persistent Threat (APT) 38 are overlapping hacking organizations working on behalf of the North Korean government.
“The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK’s use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime,” the FBI said.
On Thursday, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced it had placed the Lazarus Group on its Specially Designated Nationals (SDN) list. North Korean entities on the SDN list are barred from owning any assets or property in the U.S. or with U.S. financial institutions.
According to the U.S. cybersecurity firm Mandiant, APT 38 specializes in financial crimes on behalf of North Korea, including stealing millions of dollars from banks around the world. Mandiant believes APT 38’s operations share “many overlapping characteristics” with Lazarus, as well as with another hacking threat it calls TEMP.Hermit.
The Lazarus Group is known by a variety of other names, including Guardians of Peace, Whois Team, HIDDEN COBRA and Zinc. The hacking group is believed to have been involved in the hack of Sony, the 2017 WannaCry attack, a 2016 hack of a Bangladesh bank and the 2017 theft of Bitcoin and Monero from cryptocurrency users primarily based in South Korea.
According to Forbes, the March Ethereum hack was the second-largest cryptocurrency theft in history. The hack primarily targeted a non-fungible token (NFT)-based video game called Axie Infinity. The blockchain-based game allows users to raise and fight digital pets and trade items using an Ethereum-based in-game economy. The hack was apparently discovered after a user reported being unable to access 5,000 in-game tokens, which were worth about $17 million.