The intelligence firms’ blog post said the recovery of the funds, which were stolen by the Lazarus Group, a North Korean hacking group tied to multiple crypto thefts, saw the combined effort of U.S. law enforcement and cryptocurrency organizations, including Chainalysis.
The recovered amount constitutes only a small fraction of the over $600 million plundered by the Lazarus Group in March from Ronin Network, a sidechain built for the Axie Infinity game. The current value of the stolen funds equate to $250 million, accounting for price differences between time stolen and seized, and it will take some time for the seized funds to be returned to the U.S. Treasury, said Ronin.
Many of the hackers’ proceeds from last spring’s heist was laundered through cryptocurrency mixer Tornado Cash - a service that mixes virtual currencies by pooling funds together and then redistributing them to contributors, which mystifies the trail of transfers, making the origin or destination of the money difficult to track.
The U.S. Treasury Department sanctioned Tornado Cash just last month for its role in laundering over $455 million worth of cryptocurrency stolen from Axie Infinity. According to the US Department of the Treasury, “mixers like Tornado are commonly used by illicit actors to launder funds, especially those stolen during significant heists.”
The blacklisting was seen as an overstep by some Tornado Cash users who saw the mixer as a neutral tool and used it for financial privacy. Just last week crypto exchange Coinbase said it was funding a lawsuit against the U.S. Treasury Department to block government sanctions that bar Americans from Tornado Cash.
Tornado Cash is not the only mixer to be sanctioned by the U.S. Authorities over the heist. In May, the U.S. Treasury Department placed Blender, another cryptocurrency mixer, in the blacklist, for having handled over $20.5 million in cryptocurrency stolen from Axie Infinity by Lazarus Group.
According to the Treasury Department’s May 2022 statement sanctioning Blender, the U.S. fears North Korea uses the proceeds laundered from cyber heists to “generate revenue for its unlawful weapons of mass destruction (WMD) and ballistic missile programs.”
Chainanalysis estimated that so far in 2022, “North Korea-linked groups have stolen approximately $1 billion of cryptocurrency from DeFi protocols,” referring to decentralized finance, an umbrella term for peer-to-peer financial services on public blockchains.
This is not the first time the U.S. has retrieved money stolen by Pyongyang-backed hackers since the beginning of the year. In July, they seized approximately half a million dollars worth of cryptocurrency from North Korean hackers that targeted healthcare providers.