North Korean Hacker Group Reportedly Behind Axie Infinity’s $600 Million Security Breach

Axie Infinity, an NFT game that recently suffered a $600 million security breach, was apparently targetted by a North Korean hacker organization. Lazarus Group, which has previously been linked to several high-profile cyberattacks, has been named by the FBI as the group behind the recent Axie Infinity hack, but is unable to reclaim stolen cryptocurrency.

Lazarus Group has had its crypto wallet sanctioned by US authorities following the attack, but retains much of what was taken. $440,350,353 worth of Ethereum sits in the wallet at the time of writing, and it has been left to the company that powers Axie Infinity, Ronin Network, to reimburse affected players.

Axie Infinity, a creature collecting NFT game that many users play as a full-time job, had one of its blockchains hacked in March. This resulted in 173,600 Ethereum and 25.5M USDC being taken from Ronin Network, something that would hit its players – many of whom earn less than the minimum wage – particularly hard.

The vulnerability that allowed the attack to take place was actually a side effect of its success. Axie Infinity's developer had to ask Ronin to temporarily assist with approving transactions, because there were just too many of them. Ronin gave up the ability to verify purchases in December 2021, but one of its nodes still retained this ability. This is what the hackers used to get their own "purchases" approved, which can still be seen in their wallet.

Commenting on the latest move, Ronin says that it is "adding additional security measures" as a result of the attack. Reassuring players that "security comes first", it says that the updates should be implemented by the end of the month.

Lazarus Group has been on the FBI's radar for some time. It was said to be behind the 2014 hack of Sony Pictures, which saw everything from unreleased films to private information about employees made public. It also attempted to steal $1 billion from Bangladesh Bank in 2016, successfully making off with $101 million. The FBI claims that the group is sponsored by the North Korean state.

Source: Read Full Article