KEY POINTS

  • The Ronin Bridge of the play-to-earn game 'Axie Infinity' was hacked in March 2022
  • Malicious actors, believed to be the Pyongyang-backed Lazarus Group, stole $615M from the hack
  • Norway's Økokrim worked with FBI to track the funds and prevent cyber criminals from laundering them

Norwegian authorities recovered nearly $6 million of the $615 million funds malicious actors drained from "Axie Infinity" when they hacked its Ronin Bridge in March last year, recording the biggest-ever crypto seizure the country's police ever made.

The Norway National Authority for Investigation and Prosecution of Economic and Environmental Crime (Økokrim) on Thursday announced the successful seizure of 60 million Norwegian kroner or around $5.9 million in stolen cryptocurrencies linked to the Ronin Bridge hack of the play-to-earn blockchain game "Axie Infinity."

"Okokrim is good at following the trail of money," senior public prosecutor Marianne Bender said, adding, "this case shows that we also have a great capacity to follow the money on the blockchain, even if the criminals use advanced methods."

The regulator said that the funds are part of the multimillion-dollar exploit hackers, believed to be the North Korean-backed Lazarus Group, carried out last year.

In the press release, Økokrim explained that it collaborated with international law enforcement agencies, including the Federal Bureau of Investigation (FBI) to track the funds' trail and prevent cyber criminals from laundering the stolen funds.

"We work with FBI specialists on tracking cryptocurrency. Such cooperation between countries means that we as a society stand stronger in the fight against digital, profit-motivated crime," the public prosecutor shared.

The first state prosecutor also noted that the hackers' primary goal for stealing cryptocurrencies was to support North Korea and back its nuclear weapons program.

"It has therefore been important to track the cryptocurrency and try to stop the money when they try to withdraw it in physical values," Bender said.

Last year, the Center for New American Security (CNAS) warned about the infamous Lazarus Group, revealing that it was formed by "a masterful army of cybercriminals and foreign affiliates." The CNAS said that the group uses "sophisticated" techniques to steal assets from various blockchain organizations.

Earlier this month, the South Korean government issued unilateral sanctions against North Korean individuals and seven other entities for allegedly raising funds for the hermit country's missile and nuclear programs via illegal activities, including crypto theft.

"The South Korean government has decided to take specific measures to counter illegal cyber activities, which are one of North Korea's main sources of funding for nuclear and missile development," the announcement read.

"The South Korean government decided to designate 4 North Korean individuals and 7 institutions that financed North Korea's nuclear and missile development through illegal cyber activities, such as winning orders for overseas IT work, as subject to independent sanctions," the announcement, translated using Google Translate, revealed.

South Korea also sanctioned threat groups linked to North Korea, including Lazarus hacking group, Andariel, Chosun Expo Joint Venture, Bluenoroff, the RGB's Technology Reconnaissance Team, Unit 110 hacking group, and the Pyongyang University of Automation (Mirim University and Mirim College).

In-game assets called 'Axies' are seen in this undated handout image from the blockchain-based game Axie Infinity, which is owned by Sky Mavis. Sky Mavis/Handout via REUTERS
In-game assets called 'Axies' are seen in this undated handout image from the blockchain-based game Axie Infinity, which is owned by Sky Mavis. Sky Mavis/Handout via REUTERS Reuters / Sky Mavis