
Ronin Bridge Hack: U.S. seizes $30 million worth crypto assets


The United States seized $30 million worth of cryptocurrency stolen by North Korea-linked hackers. The news was released by blockchain data platform Chainalysis.

In a recently published blog post, Erin Plante, Senior Director of Investigations at Chainalysis, shed further light on the matter. Plante wrote that Chainalysis’ collaboration with law enforcement and leading crypto organizations helped the authorities seize more than $30 million worth of cryptocurrency.

This was the cryptocurrency that was stolen from the Ronin Network by North Korean-linked hacking group, Lazarus.

Lazarus strikes hard

The Ronin Network executes transactions related to the gaming company, Axie Infinity. On 29 March 2022, the Ronin Blockchain team announced in a blog post that it had been exploited for 173,600 ETH and 25.5 million USDC. These two transactions led to a collective loss of $625 million.


The DeFi protocol said that it was working directly with various government agencies to ensure that the criminals are brought to justice. The laundered assets were distributed over 12,000 different crypto addresses as per Chainalysis.

The firm also identified Tornado Cash, a decentralized cryptocurrency mixer, as the primary tool used by the hackers to launder crypto assets. In August 2022, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash for laundering more than $7 billion worth of virtual currency.

OFAC also underlined its usage in laundering over $455 million worth of cryptocurrency stolen from Axie Infinity. It also noted the role of the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group.

Furthermore, in March, the Federal Bureau of Investigation (FBI) issued a press release on the matter. It stated that the hacking groups Lazarus Group and APT38, both affiliated with the North Korean state, are responsible for various thefts, most notably of over $6200 million worth of crypto assets. According to the FBI, these illicit activities generate revenue for the North Korean regime.

A small victory

The recovered amount is merely a fraction of the $600 million worth of crypto assets stolen by the hacking group. Even so, the seizure is a breakthrough for law enforcement and investigators who are actively trying to recover some of the remaining loot, and it can be considered a move in the right direction.


OFAC Sanctions 7 New Bitcoin Addresses Allegedly Associated With Iran-Related Ransomware Activities


The Treasury’s Office of Foreign Assets Control (OFAC) has published an update to its Specially Designated Nationals list (OFAC’s SDN List) that names a number of individuals accused of being involved with Iran-related ransomware. The list further shows seven bitcoin addresses that are allegedly associated with the Iranian ransomware gang.

Iran Adds 7 New Bitcoin Addresses to the SDN List Following the Tornado Cash Ban

Following the Treasury watchdog OFAC’s ban of the ethereum mixer Tornado Cash, OFAC published a new SDN List update on September 14, 2022. The update lists two specific companies and ten people who are accused of participating in and financing Iran-based ransomware schemes.

In the past, OFAC has accused North Korean syndicates like the infamous Lazarus Group of participating in ransomware activities. “This IRGC-affiliated group is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities,” OFAC’s SDN List announcement stated on Wednesday.


In addition to the ten individuals and the two companies listed, approximately seven BTC addresses are mentioned as well. Some of the addresses mentioned in the OFAC report have never seen a single BTC deposit. Other addresses have received BTC, like this one, that’s allegedly associated with an Iranian named Ahmad Khatibi Aghada, as the address once held 0.2931 BTC.

The September 14 SDN update is not the only update that lists “cyber-related designations, [and] Iran-related designations” during the last two weeks. OFAC published an amendment to cyber-related designations on September 2, and two “Iran-related designations” on September 8 and 9, 2022. The update published on Wednesday is the only “Iran-related designations” update that contains newly added BTC addresses.


Jamie Redman

Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for Bitcoin.com News about the disruptive protocols emerging today.


Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.


Dutch Law Enforcement Arrests Suspected Tornado Cash Developer In Amsterdam


According to a statement from the Dutch Fiscal Information and Investigation Service (FIOD), law enforcement officials in Amsterdam arrested an unnamed 29-year-old suspected of developing the ethereum mixing application Tornado Cash. FIOD accuses the suspect of “concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies.”

Netherlands Law Enforcement Takes Suspected Tornado Cash Dev Into Custody, Officials Hint About the Possibility of Future Arrests

Four days ago, the U.S. Treasury Department’s watchdog, the Office of Foreign Assets Control (OFAC), banned the ethereum mixing application Tornado Cash and 44 associated Ethereum-based addresses. Now Dutch law enforcement has revealed that FIOD has arrested a 29-year-old unidentified person who is accused of developing Tornado Cash. The press release published by the Dutch authorities notes that the suspect will be brought before a judge and further hints that “multiple arrests are not ruled out.”

Dutch investigators say that since 2019, Tornado Cash recorded a turnover of around $7 billion and law enforcement officials believe “at least one billion dollars’ worth of cryptocurrencies of criminal origin passed through the mixer.” The individual’s identity has not been disclosed by officials in Amsterdam but Dutch authorities stress that “advanced technologies, such as decentralised organisations” are getting extra attention from the FIOD if they are suspected of money laundering practices.


The FIOD press release adds:

It is suspected that persons behind this organisation have made large-scale profits from these transactions.

Suspect’s Arrest Follows Celebrity Dusting and Github Bans

The arrest follows the OFAC ban announcement that took place on August 8. “The following entity has been added to OFAC’s SDN list: Tornado Cash,” OFAC’s Cyber-related Designation report details. Then a couple of developers who had worked on the open source Tornado Cash codebase via GitHub got their accounts suspended, and some commits were erased from the software repository. Additionally, centralized crypto business operators like Circle froze addresses that were allegedly associated with OFAC’s Tornado Cash ban.

After the GitHub suspensions and asset freezes, an unusual twist happened when an anonymous Tornado Cash user sent small fractions of ethereum (ETH), a practice otherwise known as dusting, to a great number of celebrities and well-known companies. Famous people like Snoop Dogg, Steve Aoki, Logan Paul, and Beeple were dusted alongside organizations like the sneaker company Puma and the Ukraine Donation address.

A spokesperson from Puma explained that the company had received a transaction of around 0.075 ether. “Puma has no business relationship with Tornado Cash and had no prior knowledge of the payment. This matter is currently under investigation,” the Puma spokesperson explained to the Wall Street Journal.

Treasury Official Claims Tornado Cash ‘Repeatedly Failed to Impose Effective Controls,’ OFAC’s Tornado Cash Press Release Mentions the Takedown of the Mixer Blender.io

The current undersecretary of the Treasury for terrorism and financial intelligence, Brian Nelson, explained on Monday that Tornado Cash failed to comply with regulatory policies.


“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” Nelson said. “[The] Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them,” the Treasury’s investigator added. U.S. authorities also noted the takedown of the mixer Blender.io.

While Tornado Cash has received a lot of attention from the media, back in May, Blender.io was the first cryptocurrency mixing application sanctioned by OFAC. In the same fashion, OFAC claimed Blender.io was used to regularly facilitate criminal transactions. The Treasury detailed that the North Korean hacking syndicate Lazarus Group used the mixer to obfuscate $620 million in crypto funds stolen from the Ronin bridge hack (Axie Infinity). OFAC associated Tornado Cash transactions with Lazarus Group as well.

OFAC added a few crypto addresses to the SDN list back in April. In addition to Tornado Cash and Blender.io, an American citizen was arrested and sentenced to prison for violating North Korean sanctions. Former Ethereum developer Virgil Griffith was found guilty of one count of conspiracy to violate the International Emergency Economic Powers Act (IEEPA). Griffith spoke at a blockchain conference hosted in the Democratic People’s Republic of Korea (DPRK) and Griffith was charged with aiding the enemy after he allegedly gave the DPRK “technical advice on using cryptocurrency and blockchain technology to evade sanctions.”

Jamie Redman


Debridge Finance Suspects North Korean Hacking Syndicate Lazarus Group Attacked The Protocol’s Team


According to the co-founder of Debridge Finance, Alex Smirnov, the infamous North Korean hacking syndicate Lazarus Group subjected Debridge to an attempted cyberattack. Smirnov has warned Web3 teams that the campaign is likely widespread.

Lazarus Group Suspected of Attacking Debridge Finance Team Members With a Malicious Group Email

There’s been a great number of attacks against decentralized finance (defi) protocols like cross-chain bridges in 2022. While most of the hackers are unknown, it’s been suspected that the North Korean hacking collective Lazarus Group has been behind a number of defi exploits.

In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) said Lazarus Group was a threat to the crypto industry and participants. A week after the FBI’s warning, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to the Specially Designated Nationals And Blocked Persons List (SDN).


OFAC alleged that the group of Ethereum addresses is maintained by members of the cybercrime syndicate Lazarus Group. Additionally, OFAC connected the flagged ethereum addresses and the Ronin bridge exploit (the $620M Axie Infinity hack) to the group of North Korean hackers. On Friday, Alex Smirnov, the co-founder of Debridge Finance, alerted the crypto and Web3 community about Lazarus Group allegedly attempting to attack the project.

“[Debridge Finance] has been the subject of an attempted cyberattack, apparently by the Lazarus group. PSA for all teams in Web3, this campaign is likely widespread,” Smirnov stressed in his tweet. “The attack vector was via email, with several of our team receiving a PDF file named “New Salary Adjustments” from an email address spoofing mine. We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors.” Smirnov continued, adding:

Most of the team members immediately reported the suspicious email, but one colleague downloaded and opened the file. This made us investigate the attack vector to understand how exactly it was supposed to work and what the consequences would be.

Smirnov insisted that the attack would not infect macOS users but when Windows users open the password-protected pdf, they are asked to use the system password. “The attack vector is as follows: user opens [the] link from email -> downloads & opens archive -> tries to open PDF, but PDF asks for a password -> user opens password.txt.lnk and infects the whole system,” Smirnov tweeted.

Smirnov said that, according to this Twitter thread, the files used in the attack against the Debridge Finance team had the same names as files “attributed to Lazarus Group.” The Debridge Finance executive concluded:

Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments. Please stay SAFU and share this thread to let everyone know about potential attacks.

Lazarus Group and hackers, in general, have made a killing by targeting defi projects and the cryptocurrency industry. Members of the crypto industry are considered targets because a number of firms deal with finances, an assortment of assets, and investments.
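
The delivery chain Smirnov describes (downloaded archive, a PDF that asks for a password, and a `password.txt.lnk` shortcut posing as the password file) can be flagged by inspecting archive contents before a user opens them. The Python check below is an added example, not code from the article or from Debridge Finance; the sample archive is constructed, and the `.pdf` file name, the `/Encrypt` heuristic for a locked PDF and the verdict labels are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# First 20 bytes of every Windows Shell Link file: HeaderSize (0x4C) + LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Extensions a user reads as "harmless document" when Explorer hides ".lnk".
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


def read_entry(zf, info, limit=1 << 20):
    """Return up to `limit` bytes of an entry, or b"" if it cannot be read."""
    try:
        with zf.open(info) as fh:
            return fh.read(limit)
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        return b""  # e.g. zip-level encryption: fall back to name checks only


def scan_archive(data):
    """Flag shortcut files and password-protected PDFs inside a zip archive."""
    shortcuts, locked_pdfs = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            body = read_entry(zf, info)
            by_magic = body.startswith(LNK_MAGIC)
            by_name = suffixes[-1:] == [".lnk"]
            if by_magic or by_name:
                # "password.txt.lnk": the visible extension is a document type.
                disguised = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS
                shortcuts.append({"name": info.filename,
                                  "disguised": disguised,
                                  "magic": by_magic})
            elif body.startswith(b"%PDF-") and b"/Encrypt" in body:
                # Heuristic (assumption): an /Encrypt entry marks a locked PDF.
                locked_pdfs.append(info.filename)

    if locked_pdfs and any(s["disguised"] for s in shortcuts):
        verdict = "block-lure"   # locked document plus disguised "password" shortcut
    elif shortcuts:
        verdict = "block"        # shortcuts have no business in a mailed archive
    elif locked_pdfs:
        verdict = "review"       # locked PDF alone: content cannot be inspected
    else:
        verdict = "allow"
    return {"verdict": verdict, "shortcuts": shortcuts, "locked_pdfs": locked_pdfs}


# Constructed sample mirroring the file names reported in the article.
SAMPLE = make_zip({
    "New Salary Adjustments.pdf":
        b"%PDF-1.7\ntrailer\n<< /Encrypt 1 0 R >>\n%%EOF\n",  # not a real PDF
    "password.txt.lnk": LNK_MAGIC + b"\x00" * 56,              # header only
})

if __name__ == "__main__":
    print(scan_archive(SAMPLE))
```

Checking the Shell Link header as well as the name catches a shortcut that has been renamed to drop the `.lnk` suffix.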


Jamie Redman

