Chainalysis, a well-known analytics company, has become increasingly accurate in detecting hacker attacks in the crypto world.
Summary
Chainalysis’ experience in detecting crypto hackers
With cryptocurrencies emerging as a global payment instrument, the opportunities and the investor base have grown, but so has the number of malicious hackers who use their skills and bugs in the system to defraud honest investors. Lately, however, these hackers have not had it easy.
Chainalysis, founded by Michael Gronager and Jonathan Levin in 2014 in New York City, is an analytics company that has its core business in analytics within the cryptocurrency world.
The high level of specialization this company has acquired over the years, and the amount of data it has produced in that time, has more than once led it to stumble upon hacking stories in which it ended up playing an important role in combating a problem that plagues many investors and platforms around the world.
The criminal group known as Lazarus has already hit wallets and platforms for millions of dollars. It is known for regenerating its “resources” (hackers) by constantly replacing its team with new criminal professionals and, aided by the central government, has often specialized in targeting DeFi, which is the most vulnerable because its systems are open source.
A sum bordering on $2 billion, up 60% from the same period last year, gives a better understanding of the scale of the phenomenon that often looks like spy stories since funding in some cases comes from governments such as Kim Jong-Un’s Korea.
The vulnerability of cross-chain bridges
“This trend does not look set to reverse anytime soon, with a $ 190 million Nomad cross chain bridge hack and a $ 5 million Solana wallet hack already occurring in the first week of August. Axie Infinity’s Ronin lost about $ 600 million to hackers in March and the Harmony’s Horizon bridge was drained for $ 100 million in June.”
The tokens transferred via cross-chain bridges are the weak point that criminals exploit, as bridges are easier to circumvent and are decidedly under-protected.
“It is possible that the incentives of protocols to reach the market and grow rapidly lead to gaps in security best practices.”
The heists carried out by the Lazarus group have accumulated $1.6 billion in the pockets of the regime in 2022 alone, 65% less than in 2021, but we are talking at any rate about huge sums misappropriated from honest investors.
The Dark Web, on the other hand, generates less profit: its decline is less conspicuous, but the figures are smaller in absolute terms. The drop is 43%, in part because of the Hydra Market crackdown in April.
US authorities, assisted by Chainalysis, law enforcement, and other leading cryptocurrency organizations, managed to seize more than $30 million in cryptocurrencies that had been stolen by yet another North Korean hacker group.
Community efforts to thwart hacker attacks
Today at AxieCon in Barcelona, Erin Plante (Senior Director of Investigations at Chainalysis), alongside Axie Infinity, spoke these words about the affair after being asked for comment:
“This is the first time ever that a stolen cryptocurrency has been seized by a group of North Korean hackers. This seizure also matured following the Chainalysis investigation following the theft of more than $600 million in March 2022 by Ronin Network, a side-chain created for the play-to-earn game Axie Infinity. Incident Response played a role in these seizures, using advanced tracking techniques to track stolen funds to cash in points and work with law enforcement and industry players to quickly freeze funds. The seizures represent about 10% of the total funds stolen by Axie Infinity (representing the price differences between stolen and seized time) and show that it is becoming more difficult for bad guys to successfully cash in on their illicit cryptocurrency earnings.”
The discovery of the theft of the $30 million and the hackers involved in the malfeasance were also unmasked through an investigation into another major theft, totaling $600 million, that occurred in March this year against Ronin Network, a sidechain of the play-to-earn game Axie Infinity.
The attack against the Play-to-Earn game Axie Infinity
The Lazarus Group’s heist was made possible following the theft of five out of nine of the private keys held by transaction validators for Ronin Network’s cross-chain bridge.
The transactions resulted in the theft of 173,600 Ether (ETH) and 25.5 million USD Coin (USDC). The laundering process began soon afterwards, and it was through that process that Chainalysis was able to trace the funds.
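As an added illustration (not code from the article, from Chainalysis or from the Ronin project), the block below models an m-of-n validator quorum like the 5-of-9 threshold described above. Validator keys are constructed at random and signatures are simulated with HMAC-SHA256 so it runs offline (a real bridge verifies ECDSA signatures on-chain); it shows why holding five of the nine keys is enough to authorize any withdrawal, and that resubmitting the same signature does not raise the count.

```python
import hashlib
import hmac
import secrets

# Assumptions for this illustration: 9 validators, 5 approvals needed (as in the
# Ronin bridge), keys constructed at random, HMAC standing in for ECDSA.
THRESHOLD = 5
VALIDATORS = {f"validator-{i}": secrets.token_bytes(32) for i in range(9)}


def withdrawal_digest(recipient: str, asset: str, amount: int, nonce: int) -> bytes:
    """Canonical message a validator signs to approve one bridge withdrawal."""
    return hashlib.sha256(f"{recipient}|{asset}|{amount}|{nonce}".encode()).digest()


def sign(validator: str, key: bytes, digest: bytes) -> tuple[str, bytes]:
    """Simulated validator signature over the withdrawal digest."""
    return validator, hmac.new(key, digest, hashlib.sha256).digest()


def authorize(digest: bytes, signatures: list[tuple[str, bytes]]) -> bool:
    """Approve only when at least THRESHOLD distinct validators signed validly."""
    approvers = set()
    for validator, sig in signatures:
        key = VALIDATORS.get(validator)
        if key is None:
            continue  # unknown signer: ignored
        expected = hmac.new(key, digest, hashlib.sha256).digest()
        if hmac.compare_digest(sig, expected):
            approvers.add(validator)  # a set: one key signing twice counts once
    return len(approvers) >= THRESHOLD


def quorum_reached(keys_held: int, resubmit: bool = False) -> bool:
    """Does a party holding `keys_held` validator keys clear the threshold?"""
    digest = withdrawal_digest("0xRECIPIENT", "ETH", 173_600, nonce=1)
    names = list(VALIDATORS)[:keys_held]
    sigs = [sign(n, VALIDATORS[n], digest) for n in names]
    if resubmit:
        sigs += sigs  # duplicated signatures must not inflate the approver count
    return authorize(digest, sigs)


if __name__ == "__main__":
    print("4 keys:", quorum_reached(4))        # False: below threshold
    print("4 keys, resubmitted:", quorum_reached(4, resubmit=True))  # False
    print("5 keys:", quorum_reached(5))        # True: the quorum is met
```

Raising the threshold or spreading keys across independent operators changes only the `keys_held` a party must control, which is the design lever this check exposes.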
Operations of this kind have involved more than 12,000 different cryptocurrency addresses to date, which shows how adept hackers, North Korean hackers in particular, are at finding bugs in the system and exploiting them.
The growing skill of North Korean hackers
To date, the hackers’ techniques have evolved and more bugs in the system are being probed, but the system’s resilience to these kinds of attacks has also grown. Collaboration between DeFi, analytics companies such as Chainalysis, law enforcement agencies, and governments is getting stronger and more effective, to the point of increasingly tightening the noose around groups such as Lazarus.
North Korean hackers, unfortunately, are a tough nut to crack and are replenishing their numbers by exploiting what is a veritable semi-governmental hacking school in the country. In addition to classic techniques, it also teaches followers how to edit their resumes so they can infiltrate companies that deal with the crypto and NFT worlds to act maliciously directly as insiders.