The startling increase in money plundered from DeFi technologies, especially from cross-chain bridges, is one of the most alarming developments in cryptocurrency crime. Professional hacking groups such as Lazarus Group and other North Korea-affiliated threat actors are responsible for a large portion of the wealth taken through DeFi protocols. We project that, as of today in 2022, organizations with ties to North Korea have looted almost $1 billion worth of crypto from DeFi protocols.

Over $30 million in crypto allegedly stolen by criminals with ties to North Korea has been recovered with the assistance of police departments and leading cryptocurrency industry organizations. This won’t be the last occasion on which cryptocurrency taken by a North Korean hacking organization is confiscated.

The inquiry into the theft of more than $600 million from Ronin Network, a sidechain created for the play-to-earn (P2E) game Axie Infinity, has yielded the following findings.

The Chainalysis Crypto Incident Response team contributed to such arrests by working with police departments and industry insiders to freeze assets quickly, and by using sophisticated tracing tools to follow the stolen funds to their cash-out points.

The seizures show that it is getting harder for criminals to cash out their illegal cryptocurrency gains. Accounting for price fluctuations between the time the money was taken and the time it was seized, the recovered amount corresponds to about 10% of the total assets stolen from Axie Infinity.

With the right blockchain analysis software, world-class detectives and regulatory experts can work together to stop even the most highly skilled hackers and money launderers. While there is still work to do, this represents an important step toward securing the bitcoin ecosystem.

The attack started when the Lazarus Group got hold of five of the nine private keys held by the transaction validators for the Ronin Network’s cross-chain bridge. With this majority, they approved two withdrawal transactions totaling 173,600 ether (ETH) and 25.5 million USD Coin (USDC). They then began the laundering procedure, and Chainalysis began tracing the money. More than 12,000 distinct addresses have been used to launder these funds, demonstrating the hackers’ highly advanced laundering capabilities.

The typical DeFi laundering process used by North Korean actors has around five stages:

  • Stolen ether is transmitted to intermediary wallets.
  • Ether is mixed in batches through Tornado Cash.
  • Ether is swapped for bitcoin.
  • Bitcoin is mixed in batches.
  • Bitcoin is deposited at services that convert it into fiat currency.
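The five stages above describe what a fund-tracing team has to follow: stolen value split across intermediary wallets, commingled with unrelated funds, pushed through a mixer, swapped into another asset, and finally deposited at a cash-out service. The following Python example, added here and not code from the original article or from Chainalysis, shows the core of such tracing: haircut-style taint propagation over a constructed, hypothetical transfer list (the addresses, assets, prices and amounts are all made up for illustration). Values are normalized to USD so that the tainted fraction survives the ether-to-bitcoin swap, and an alert is raised whenever tainted value reaches a known mixer or a known cash-out service.

```python
from collections import defaultdict

# Constructed sample data (not real on-chain records): hypothetical addresses,
# assets and prices chosen only to illustrate the five laundering stages.
PRICE_USD = {"ETH": 1000.0, "BTC": 20000.0}
SEED_VICTIMS = {"bridge_victim"}             # exploited bridge; every outflow is 100% tainted
KNOWN_MIXERS = {"mixer_tornado"}             # hypothetical mixer address
KNOWN_CASHOUT = {"exchange_A", "otc_desk"}   # hypothetical crypto-to-fiat services

# (tx_id, sender, receiver, asset, amount), in chronological order
TRANSFERS = [
    ("t1", "bridge_victim", "hacker_0", "ETH", 1000.0),   # the theft itself
    ("t2", "hacker_0", "inter_1", "ETH", 600.0),          # stage 1: intermediary wallets
    ("t3", "hacker_0", "inter_2", "ETH", 400.0),
    ("t4", "inter_1", "mixer_tornado", "ETH", 600.0),     # stage 2: mixer deposit
    ("t5", "clean_user", "inter_2", "ETH", 100.0),        # unrelated funds commingled
    ("t6", "inter_2", "dex_swap", "ETH", 400.0),          # stage 3: ETH swapped for BTC
    ("t7", "inter_2", "exchange_A", "ETH", 100.0),        # partial cash-out of the mixed wallet
    ("t8", "dex_swap", "inter_3", "BTC", 20.0),           # swap output (same USD value)
    ("t9", "inter_3", "otc_desk", "BTC", 20.0),           # stage 5: cash-out
]


def trace_taint(transfers, seed_victims, mixers, cashout, alert_floor_usd=1000.0):
    """Haircut taint propagation: each outgoing transfer carries the sender's current
    tainted fraction. Returns (alerts, balances), with balances as addr -> [total_usd, tainted_usd].
    Amounts are normalized to USD so taint carries across a cross-asset swap."""
    balances = defaultdict(lambda: [0.0, 0.0])
    alerts = []
    for tx_id, sender, receiver, asset, amount in transfers:
        usd = amount * PRICE_USD[asset]
        if sender in seed_victims:
            tainted_out = usd                       # stolen from the victim: fully tainted
        else:
            total, tainted = balances[sender]
            # multiply before dividing so round sample inputs stay exact
            tainted_out = (usd * tainted / total) if total > 0 else 0.0
            balances[sender][0] = max(total - usd, 0.0)
            balances[sender][1] = max(tainted - tainted_out, 0.0)
        balances[receiver][0] += usd
        balances[receiver][1] += tainted_out
        # flag tainted value arriving at a mixer or at a service that converts to fiat
        if tainted_out >= alert_floor_usd:
            if receiver in mixers:
                alerts.append((tx_id, "MIXER_DEPOSIT", receiver, tainted_out))
            elif receiver in cashout:
                alerts.append((tx_id, "CASHOUT", receiver, tainted_out))
    return alerts, dict(balances)


def tainted_fraction(balances, addr):
    """Share of an address's current holdings that traces back to the theft (0.0 to 1.0)."""
    total, tainted = balances.get(addr, [0.0, 0.0])
    return tainted / total if total > 0 else 0.0


if __name__ == "__main__":
    found, final = trace_taint(TRANSFERS, SEED_VICTIMS, KNOWN_MIXERS, KNOWN_CASHOUT)
    for tx_id, kind, dest, usd in found:
        print(f"{tx_id}: {kind:14s} {dest:14s} tainted ${usd:,.0f}")
    print(f"total tainted value reaching mixers/cash-out: ${sum(a[3] for a in found):,.0f}")
```

The haircut rule (tainted share of an outgoing transfer equals the sender's tainted share) is one of several conventions a tracer can apply; a "poison" rule that marks any address touching stolen funds as fully tainted is more aggressive and produces more false positives on commingled wallets such as `inter_2` here. Alert thresholds, the mixer and cash-out address lists, and the price table are inputs the practitioner supplies, not part of this example's logic.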

Tornado Cash was recently sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) for its involvement in the theft of approximately $455 million in bitcoin taken from Axie Infinity. Since then, Lazarus Group has abandoned the well-known Ethereum mixer in favor of DeFi services that let it hop between numerous different cryptocurrencies in a single exchange.