The hacker collective Lazarus has reemerged in the world of cybercrime—this time accused of stealing $620 million in cryptocurrency from a video game maker. The FBI announced that it believes Lazarus is tied to the North Korean government, and that the group's total loot from the last few years is around $1.75 billion.
Lazarus worked together with group APT38 appear to have stolen $620 million worth of Etherium from a blockchain "bridge" (a network that allows cryptocurrency to transfer from one blockchain to another), that belongs to video game maker Axie Infinity.
“A hack of a cryptocurrency business, unlike a retailer, for example, is essentially bank robbery at the speed of the internet and funds North Korea’s destabilizing activity and weapons proliferation,” Ari Redbord, head of legal affairs at TRM Labs, told CNN. “As long as they are successful and profitable, they will not stop.”
(Crypto) Cash Cow
While the world is focused on Russia's increasing cyber attacks, the country mostly targets infrastructure and disrupts communication platforms. The Kremlin doesn't turn to hacking as a source of revenue. North Korea, however, which has long been isolated from the world, is increasingly reliant on crypto hacks to fund its government. Shane Huntley, who leads the Threat Analysis Group at Google, says that most state-backed crypto hacking is now being done by Pyongyang. “It seems to be an ongoing strategy for them to supplement and make money through this activity.”
The Verdict
North Korea has effectively established itself as a cyber-pirate state. Clearly, these hacks need to be stopped, but how do you prosecute Pyongyang for these crimes, while further punishing a country that is heavily sanctioned perpetually on the verge of collapse?