The US blames the North Korean state-affiliated APT group Lazarus for the largest ever cyberattack on decentralized financial systems.
On March 29, the DeFi network Ronin Network was hacked and 540 million dollars' worth of ETH and USDC was stolen. This Thursday, OFAC (Office of Foreign Assets Control) announced sanctions on the North Korean group and identified the attackers' wallet addresses as belonging to Lazarus Group. According to Elliptic, which carries out security and analysis work for blockchain infrastructure, the purpose of this move is to prevent Lazarus from cashing out cryptocurrency that is likely to be held on exchanges within US borders.
According to PeckShield researchers, 3,000 ETH has been gradually withdrawn every two to three days over the past two weeks. The withdrawn ETH has been sent, in multiple transfers, to the cryptocurrency mixer Tornado Cash. In this way, about 7.5% of the money stolen by the hackers was successfully laundered.
On 14 April, according to Elliptic data, the laundering rate reached 18 percent. Decentralized exchanges (DEXs) were used to obscure the stolen USDC, a stablecoin pegged to the US dollar, by swapping it for ETH. Under normal conditions, stablecoins are by nature open to government intervention, so use of the stolen money could have been prevented in some way, but the attackers apparently took this into account.
Experts say that North Korea has managed to finance these projects through Lazarus attacks, despite the exaggerated missile tests and embargoes of recent months. After one of the Ethereum developers, Virgil Griffith, was sentenced to prison in the USA, it was revealed that North Korea was secretly working with experts to strengthen its digital currency infrastructure.