How North Korean hackers became masters at stealing cryptocurrencies

On March 29, Ronin Network, the Ethereum sidechain built for the game Axie Infinity, announced the disappearance of 173,600 ether (ETH) and 25.5 million USD Coin (USDC), the equivalent of approximately 500 million euros at the time. The funds had in fact been drained six days earlier, on March 23, and the loss went unnoticed until a user was unable to withdraw. It is the largest cryptocurrency theft of all time after that of Poly Network, which in August 2021 was robbed of the equivalent of 554 million euros.

The FBI has since identified the perpetrators.

“Through our investigation, we were able to confirm that Lazarus Group and APT38, cyber actors associated with the People’s Republic of North Korea, are responsible for the theft of $620 million in Ethereum reported on March 29,” the federal agency wrote in a tweet.

The US Treasury Department, for its part, has added the Ethereum address used by the hackers to its sanctions list, prohibiting any transaction with it.

How did the Pyongyang hackers pull it off? By taking control of the signing keys behind Ronin Network's "bridge", the service that lets users move assets between the Ethereum mainnet and the Ronin chain.
A withdrawal through the bridge had to be approved by at least five of the nine validator nodes. Four of those nodes were run by Sky Mavis, the Vietnamese company that created Ronin Network; the other five were held by third parties.

The North Korean hackers managed to obtain the private keys of the four Sky Mavis nodes, most likely through social engineering. They also got hold of a signature from a fifth, third-party validator, run by the Axie DAO: in November 2021, to cope with a surge in transactions, the DAO had allowed Sky Mavis to sign on its behalf, and that permission was never revoked. With five of the nine validators under their control, the attackers could authorize any withdrawal they liked. An expensive oversight.
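The quorum arithmetic above is worth seeing in code. The following is an added example, not code from the article, Sky Mavis or Ronin Network: a toy model of a 5-of-9 validator bridge in which a validator node can be "allowlisted" to sign on behalf of another operator. Validator names, the operator names, the stale allowlist entry and the withdrawal request are all constructed, and HMAC-SHA256 stands in for the ECDSA signatures a real bridge contract would check. It shows that an attacker holding four Sky Mavis keys reaches the quorum only while the delegation is still in place, and includes the audit a bridge operator should run: how many validators any single operator can effectively sign for.

```python
# Added example, not code from the article, Sky Mavis or Ronin Network.
# Toy 5-of-9 validator bridge with "allowlisted" delegated signing.
# Names, keys and the allowlist entry are constructed; HMAC-SHA256 stands in
# for the ECDSA signatures a real bridge contract would verify.
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

THRESHOLD = 5  # validator approvals required to release funds


def canonical(withdrawal: dict) -> bytes:
    """Deterministic encoding so every node signs exactly the same bytes."""
    return json.dumps(withdrawal, sort_keys=True).encode()


@dataclass
class Validator:
    name: str
    operator: str                                     # organisation running the node
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    allowlist: Set[str] = field(default_factory=set)  # operators this node signs for

    def sign(self, withdrawal: dict, requester: str) -> Optional[bytes]:
        """Sign only for this node's own operator or an allowlisted operator."""
        if requester != self.operator and requester not in self.allowlist:
            return None
        return hmac.new(self.key, canonical(withdrawal), hashlib.sha256).digest()


class Bridge:
    def __init__(self, validators: List[Validator], threshold: int = THRESHOLD):
        self.validators = {v.name: v for v in validators}
        self.threshold = threshold

    def verify(self, withdrawal: dict, approvals: Dict[str, bytes]) -> bool:
        """Release funds only if `threshold` distinct validators signed validly."""
        msg = canonical(withdrawal)
        valid = set()
        for name, sig in approvals.items():
            v = self.validators.get(name)
            if v is None:
                continue
            expected = hmac.new(v.key, msg, hashlib.sha256).digest()
            if hmac.compare_digest(expected, sig):
                valid.add(name)
        return len(valid) >= self.threshold


def effective_control(validators: List[Validator]) -> Dict[str, int]:
    """Audit: validators each operator can get a signature from
    (its own nodes plus every node that allowlists it)."""
    reach: Dict[str, int] = {}
    for v in validators:
        for op in {v.operator, *v.allowlist}:
            reach[op] = reach.get(op, 0) + 1
    return reach


def operators_at_quorum(validators: List[Validator],
                        threshold: int = THRESHOLD) -> List[str]:
    """Operators whose compromise alone is enough to authorize a withdrawal."""
    return sorted(op for op, n in effective_control(validators).items()
                  if n >= threshold)


def build_validators(delegation_revoked: bool) -> List[Validator]:
    """Constructed set: 4 Sky Mavis nodes, 1 Axie DAO node, 4 other third parties."""
    vals = [Validator(f"sky-mavis-{i}", "Sky Mavis") for i in range(4)]
    dao = Validator("axie-dao", "Axie DAO")
    if not delegation_revoked:
        dao.allowlist.add("Sky Mavis")  # the permission that was never withdrawn
    vals.append(dao)
    vals += [Validator(f"third-party-{i}", f"Operator {i}") for i in range(4)]
    return vals


def attacker_approvals(validators: List[Validator],
                       compromised: str = "Sky Mavis") -> Tuple[dict, Dict[str, bytes]]:
    """An attacker holding one operator's keys signs with that operator's own
    nodes and sends signing requests in its name to every other node."""
    withdrawal = {"to": "0xattacker", "amount_eth": 173_600}  # constructed request
    approvals: Dict[str, bytes] = {}
    for v in validators:
        sig = v.sign(withdrawal, compromised)
        if sig is not None:
            approvals[v.name] = sig
    return withdrawal, approvals


def simulate(delegation_revoked: bool) -> Tuple[int, bool]:
    """Return (signatures the attacker collected, whether the bridge pays out)."""
    vals = build_validators(delegation_revoked)
    withdrawal, approvals = attacker_approvals(vals)
    return len(approvals), Bridge(vals).verify(withdrawal, approvals)


if __name__ == "__main__":
    for revoked in (False, True):
        print("delegation revoked:" if revoked else "delegation active:",
              simulate(revoked), operators_at_quorum(build_validators(revoked)))
```

With the allowlist entry in place the attacker collects five signatures and the bridge pays out; once it is revoked the same four keys yield only four signatures and the withdrawal is refused. The `operators_at_quorum` audit would have flagged "Sky Mavis" at any point between November 2021 and the attack, which is the check to run whenever delegated signing is granted, and again when it is supposedly withdrawn.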

Analysts at Elliptic have established that around 20% of the stolen funds have already been laundered, mainly through Tornado Cash, a decentralized mixer that breaks the on-chain link between the address that deposits ether and the address that withdraws it, covering the trail of Ethereum transactions.
This heist is far from the first carried out by Pyongyang's hackers. According to Chainalysis, they have stolen the equivalent of more than a billion dollars since 2017. They are clearly professionals who take advantage of the poor security of cryptocurrency platforms. And it is not over.

Sources: Elliptic, Chainalysis, Ronin Network