Attacks on the chemical sector and $540 million Axie Infinity crypto hack

 

Attacks on the chemical sector and $540 million Axie Infinity crypto hack

Lazarus Group (aka Hidden Cobra) has been linked to the theft of $540 million from Axie's Ronin Network last month, according to the U.S. Treasury Department.


Thursday, Treasury linked the Ethereum wallet address that received the stolen funds to the threat actor and added the address to OFAC's Specially Designated Nationals (SDN) List, which sanctions the funds.


This includes cybercrime and cryptocurrency theft, which the FBI and other U.S. government partners will continue to expose and combat in order to generate revenue for the regime, according to a statement from the intelligence and law enforcement agency.


A cryptocurrency heist on March 23, 2022, involved the theft of 173,600 Ether (ETH) and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer digital assets between crypto networks.


Using private keys that had been hacked, the attacker forged fake withdrawals, according to the Ronin Network's disclosure report a week after the incident was first reported.


As a result of the sanctions, the state-sponsored group will not be able to cash out any further funds. 18% of the siphoned digital funds (about $97 million) have so far been laundered by the actor, according to an Elliptic analysis.


To avoid seizure, Elliptic reported that the stolen USDC was first exchanged for ETH on decentralized exchanges (DEXs). According to the report, "the hacker was able to avoid AML and KYC checks performed at centralized exchanges because they were converting the tokens at DEXs."


Tornado Cash, a mixing service on the Ethereum blockchain, has been used to launder nearly $80.3 million of the laundered funds, with an additional $9.7 million worth of ETH expected to be laundered in the same manner.


One of the most prolific state-sponsored actors in North Korea's nuclear and ballistic missile programs, Lazarus Group, has been conducting cryptocurrency thefts since at least 2017 in an effort to circumvent sanctions and fund the country's nuclear weapons program.


Russia's espionage operations reflect the regime's immediate concerns and priorities, which are likely focused on acquiring financial resources through crypto-heists, targeting media, news, and political entities [as well as] information on foreign relations," Mandiant said in a recent deep dive into the country.


Because of the increasing sophistication of these cyber actors, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has portrayed them as a global network that has created and disseminated a wide range of malware tools.


An estimated $400 million worth of digital assets were stolen from crypto platforms in 2021, a 40 percent increase from 2020, according to Chainalysis, which found that "only 20 percent of the stolen funds were Bitcoin, [and] Ether accounted for a majority of the funds stolen at 58 percent.".


Decentralized finance (DeFi) wallet apps have been used to backdoor Windows systems and misappropriate funds from unsuspecting users, despite sanctions imposed by the United States government on the hacking collective.


That's not the end of the story. Earlier this week, Broadcom Symantec revealed that a cyberattack on a South Korean chemical company appears to be the continuation of a malware campaign dubbed "Operation Dream Job," which Google's Threat Analysis Group reported on in March 2022.


When a suspicious HTM file is opened, an infection sequence is triggered, ultimately leading to the retrieval of a second-stage payload from a remote server to facilitate further incursions. These intrusions were discovered in early January of this year.


Symantec believes the attacks are aimed at obtaining "intellectual property" for North Korea to use in its own pursuits.


For its part, the U.S. State Department has announced a $5 million reward for "information leading to the disruption of financial mechanisms of persons engaged in certain activities supporting North Korea" due to the Lazarus Group's relentless onslaught of illegal activities.


Just a few weeks ago, a New York court sentenced former Ethereum developer Virgil Griffith, 39, to five years and three months in prison for aiding North Korea's efforts to avoid international sanctions by using virtual currencies.


More worryingly, malicious actors have stolen $1.3 billion worth of cryptocurrency in the first three months of 2022 alone—as much as they stole in the entire year of 2021, which is a "meteoric rise."


An increase from 72% theft in 2021 to nearly 97% theft from DeFi protocols in the first three months of 2022, according to a report released this week by Chainalysis.


"In the case of DeFi protocols, faulty code is the most common cause of thefts. Outside the Ronin attack, code exploits and flash loan attacks—a type of code exploit involving the manipulation of cryptocurrency prices—accounted for the majority of the value stolen "According to the researchers,

0 Comments

Your suggestions and comments are welcome

Post a Comment

Your suggestions and comments are welcome

Post a Comment (0)

Previous Post Next Post