Despite how enormous it was, the Axie Infinity heist marked only the latest chapter in the story of North Korean financial cybercrime.
Sky Mavis, the developer of popular nonfungible token (NFT) video game Axie Infinity, lost hundreds of millions of dollars in assets when they were stolen by hackers on March 23. The attack occurred via a breach of the Ronin bridge that exists as part of the Ronin Network sidechain (also developed by Sky Mavis).
The breach occurred when attackers gained control of a series of validator nodes attached to Axie Infinity to conduct fake withdrawals. Hackers stole 173,600 Ethereum and 25.5 million USD Coin, worth approximately $620 million at the time (and about $375 million as of this writing).
Three weeks after the initial attack and two weeks after it was disclosed, the FBI formally attributed the attack to the Lazarus Group and APT38, nation-state threat groups tied to the North Korean government.
The Axie Infinity heist is not the first cryptocurrency heist for the Democratic People’s Republic of Korea (DPRK). Blockchain analytics firm Chainalysis reported that last year that the country stole nearly $400 million in at least seven attacks against cryptocurrency platforms. The North Korean government also has a lengthy history with financially motivated cybercrime.
But the Axie Infinity hack represents an enormous theft on behalf of Kim Jong Un’s regime, and acts as the latest in a long line of big-game heists against cryptocurrency platforms.
The reason for these attacks, based on conversations with experts on both cryptocurrency and North Korea, appears to be a combination of opportunity and a highly adaptive offensive cyberoperation.
An unconventional nation-state threat
North Korea is a small, insular nation with an estimated population of 25 million people. Despite its size, the country’s enormous military and cybersecurity investments have made it one of the United States’ “big four” nation-state adversaries along with Russia, Iran and China.
CrowdStrike senior vice president of intelligence Adam Meyers told SearchSecurity last year that overwhelmingly, the goal of…