Investigation: What happened to the money stolen from Axie Infinity?
Earlier, we wrote about the huge theft of $625 million from Ronin Network. The scam has become so big that refunds to affected players will take place over the next two years (and it is not certain that all funds will be returned). But who organized this cybercrime and how will the stolen money be used?
US opinion: North Korean hackers were involved in the hack.
The US Treasury Department accuses the North Korean hacker group Lazarus of stealing cryptocurrency from the Ronin network. On Thursday, the U.S. Treasury Department updated its sanctions list to include the address of the wallet that received the funds and linked it to the Lazarus group.
The Lazarus Group, which is accused of this crime, is linked to North Korea’s intelligence services and is responsible for 7 attacks last year. The group first came to media attention with the hack of Sony Pictures in 2014.
They carried out their largest heist in 2016. The hackers made thirty-five fake requests through the SWIFT network to illegally transfer about $1 billion from a Federal Reserve Bank of New York account belonging to the Central Bank of Bangladesh.
Lazarus later used trojan malware to steal millions from ATMs in Asia and Africa in 2018 and was also linked to the WannaCry ransomware.
Will it be possible to trace the stolen money and return it?
The detected crypto wallet currently contains 148 thousand Ethereum coins totaling $445 million. Less than a day ago, 3302.6 Ethereum were transferred from this wallet to another address, which corresponds to almost $10 million.
And more recently, 2,915 ETH ($8.8 million) was transferred from an address associated with a hacker group. It is worth noting that the Tornado Cash project has restricted access to its service interface to protect itself from involvement in money laundering and possible claims from the US authorities.
What is Tornado Cash?
Tornado Cash is a service that improves transaction privacy by breaking the on-chain link between source and destination addresses. It uses a smart contract that accepts deposits in ETH, which can then be withdrawn from another address. Each time ETH is withdrawn to a new address, there is no way to link the withdrawal to the deposit, ensuring complete privacy. In short, this is close to perfect money laundering.
So how did hackers get around the TC blocking?
First, there are several similar services (for obvious reasons, we will not list them). But the world of crypto is as simple as it is complex — the hackers first sent ETH to another clean address, and from there to Tornado Cash. The result.
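From a screening point of view, the intermediate hop described above is exactly what a check against the depositing address alone misses. The following is an added example, not part of the original article: it compares that direct check with a multi-hop trace over a transfer graph. All addresses, amounts and the `mixer_contract` label are constructed placeholders.

```python
from collections import deque

# Constructed sample data: placeholder labels, not real addresses or transfers.
SANCTIONED = {"addr_sanctioned"}
TRANSFERS = [  # (sender, recipient, amount in ETH)
    ("addr_sanctioned", "addr_hop1", 100.0),   # funds moved to a "clean" address
    ("addr_hop1", "mixer_contract", 100.0),    # deposit made from that address
    ("addr_unrelated", "mixer_contract", 10.0),
]

def hops_from_sanctioned(transfers, sanctioned, max_hops=3):
    """Breadth-first search over the transfer graph.

    Returns {address: hop distance} for every address that received funds,
    directly or indirectly, from a sanctioned address within max_hops.
    """
    graph = {}
    for src, dst, _amount in transfers:
        graph.setdefault(src, set()).add(dst)
    dist = {addr: 0 for addr in sanctioned}
    queue = deque(sanctioned)
    while queue:
        cur = queue.popleft()
        if dist[cur] == max_hops:
            continue  # do not expand beyond the hop limit
        for nxt in graph.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist

def screen_deposits(transfers, sanctioned, service, max_hops=3):
    """Report each deposit into `service` with both verdicts side by side."""
    dist = hops_from_sanctioned(transfers, sanctioned, max_hops)
    return [
        {
            "sender": src,
            "amount": amount,
            "direct_hit": src in sanctioned,  # what an address-list check sees
            "hops": dist.get(src),            # None means no path was found
        }
        for src, dst, amount in transfers
        if dst == service
    ]

if __name__ == "__main__":
    for row in screen_deposits(TRANSFERS, SANCTIONED, "mixer_contract"):
        print(row)
```

Hop-based tracing flags every downstream recipient, including uninvolved ones, so in practice the hop distance is a signal for review rather than a verdict.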
This story once again shows that the «transparent world of regulated blockchain» as crypto enthusiasts portray it to us is far from being so transparent. And with a strong desire and a little skill, it is possible to sneak amounts close to a billion dollars out from under the noses of the feds.
How will this story end? We’ll have to see!