The Washington PostDemocracy Dies in Darkness

North Korean hackers linked to $620 million Axie Infinity crypto heist

A cryptocurrency address used in the theft last month was tied to the same group that hacked Sony Pictures in 2014

Updated April 14, 2022 at 5:04 p.m. EDT|Published April 14, 2022 at 1:54 p.m. EDT
Sky Mavis's Axie Infinity game is blockchain-based. (Sky Mavis/Reuters)
2 min

The U.S. government has linked a notorious gang of North Korean hackers to a cryptocurrency address that was used last month to steal more than $600 million from a popular video game.

The hackers, known as the Lazarus Group, were also responsible for the 2014 hacking of Sony Pictures, authorities previously said. North Korea has long denied allegations of orchestrating cyberattacks and cyberheists.

Hackers hit popular video game, stealing more than $600 million in cryptocurrency

To hack video game Axie Infinity, the hackers infiltrated part of Ronin, the underlying blockchain that powers the game. Developers at Sky Mavis, which runs both Axie Infinity and Ronin, said they discovered the breach in late March. The hackers ended up making off with around $620 million in cryptocurrencies.

The Treasury Department first noted that the hack was linked to the Lazarus Group when it updated its sanctions listing for the group to add a cryptocurrency address used in the hack. The updates “confirm that the North Korean cybercriminal group was behind the March hack,” the blockchain data firm Chainalysis said on Twitter.

The FBI said in statement that it had discovered the link to the Lazarus Group through its investigation.

“The FBI continues to combat malicious cyber activity including the threat posed by the Democratic People’s Republic of Korea to the U.S. and our private sector partners," the statement said, referring to North Korea by its formal name. "Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th. The FBI, in coordination with Treasury and other U.S. Government partners, will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime.”

Sky Mavis said in a blog post that it “would like to extend a thank you to all law enforcement agencies who have supported us in this ongoing investigation.”

North Korea has long targeted cryptocurrency exchanges and sites amid crippling U.S. and international economic sanctions. But the Axie Infinity hack marks an incredibly lucrative haul for Pyongyang, which last year stole around $400 million in cryptocurrency, Chainalysis said in January.

The country’s cryptocurrency heists are an “important revenue source” for Pyongyang’s nuclear and ballistic missile programs, United Nations investigators have said.