North Korean hackers pulled off $620 million crypto heist, FBI says

North Korea was behind the theft of $620 million in cryptocurrency from the Ronin Network, a blockchain used in the popular game "Axie Infinity," the FBI said. Photo by KCNA/UPI

SEOUL, April 15 (UPI) -- Hackers connected to the North Korean government were behind the theft of over $600 million in cryptocurrency from an online video game network last month, the FBI said.

"Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29," the FBI said in a statement released Thursday.


The Democratic People's Republic of Korea is the official name of North Korea.

"The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK's use of illicit activities -- including cybercrime and cryptocurrency theft -- to generate revenue for the regime," the statement said.

Video game company Sky Mavis announced in March that it had discovered the breach of Ronin Network, the blockchain used by players of its hugely popular Axie Infinity game. The game allows users to earn cryptocurrency through playing and trading characters called Axies, which are unique nonfungible tokens.


"We would like to extend a thank you to all law enforcement agencies who have supported us in this ongoing investigation," the Vietnam-based developer said in a statement Thursday.

"We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk," the statement added. "Expect the bridge to be deployed by end of month."

The attack was the largest cryptocurrency heist in history, according to cybersecurity website Comparitech.

The Lazarus Group has been connected to several high-profile cybercrimes, including the 2014 hack of Sony Pictures, in which the group leaked confidential data and demanded the withdrawal of the upcoming film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong Un.

Lazarus was also behind the massive WannaCry ransomware attack that affected hundreds of thousands of computers around the world in 2017, according to the U.S. Justice Department.

The U.S. Treasury earlier on Thursday updated its sanctions against the Lazarus Group, adding the Ethereum address tied to the Ronin Network hack to its designation.

In 2019, the department said that North Korea was using cybercrime as a way to evade international sanctions and generate revenue for its growing nuclear weapons and ballistic missile programs.


Pyongyang's hacking activities have continued to develop in recent years and are increasingly targeting cryptocurrency holdings, a United Nations panel of experts reported in March.

"Cyberattacks, in particular on cryptocurrency assets, remain an important revenue source for the government of the Democratic People's Republic of Korea," their report to the U.N. Security Council said.

The secretive regime's cybercriminals extracted nearly $400 million in digital assets in 2021, their highest total to that point, according to a report by blockchain researcher Chainalysis.

North Korea has conducted a flurry of weapons tests this year, including its first full launch of an intercontinental ballistic missile since 2017. Seoul and Washington are on alert for further provocations, including a possible nuclear weapon test, as the country celebrates the birth anniversary of founder Kim Il Sung on Friday.
