Privacy Ninja

US Recovers $30 million Stolen from Axie Infinity by Lazarus Hackers

US Recovers $30 million Stolen from Axie Infinity by Lazarus Hackers

With the help of blockchain analysts and FBI agents, the U.S. government seized $30 million worth of cryptocurrency stolen by the North Korean threat group ‘Lazarus’ from the token-based ‘play-to-earn’ game Axie Infinity earlier in the year.

The news about the retrieval was announced during the AxieCon event today, where the hosts highlighted it as a community achievement and the result of a large-scale collaboration between multiple law enforcement authorities and private entities.

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

This is the first time stolen cryptocurrency has been seized from a North Korean hacking group, and according to a Chainalysis report, which had active involvement in the retrieval, it won’t be the last.

Lazarus laundering effort

As Chainalysis explains, the Korean hackers followed a typical five-stage laundering process laid down below:

  • Send stolen Ether to intermediary wallets
  • Mix Ether in batches using Tornado Cash
  • Swap Ether for Bitcoin
  • Mix Bitcoin with batches

The recent sanctions imposed by the U.S. Department of the Treasury on Tornado Cash forced Lazarus to use alternatives for the remaining one-third of the stolen funds, using bridges between blockchains to obscure movements.

Chainalysis was able to track this “chain-hopping” and trace all of the attempted crypto swaps, helping law enforcement authorities freeze and retrieve part of the funds.

One of the numerous chain-hopping moves attempted by Lazarus
One of the numerous chain-hopping moves attempted by Lazarus (Chainalysis)

Lazarus in law enforcement’s crosshairs 

The total financial damage caused by Lazarus’ Axie Infinity hack is estimated to be $620 million, so the recovered amount represents only about 5% of that value and 10% of the cryptocurrency amount.

Also Read: PDPA Breach Penalty Singapore: How Can Businesses Prevent

However, the blow for Lazarus is still significant, as it signifies that stolen digital assets aren’t easy to move around, launder, and eventually cash out into fiat money.

Since Lazarus is one of the world’s most sophisticated and skillful threat actors, the message sent by law enforcement has also rippled across the entire DeFi hacking community.

Chainalysis comments that most of the stolen funds from Axie Infinity remain unspent in cryptocurrency wallets, and the threat actor is running out of reliable options for cashing out.

Hence, the New York-based blockchain analysis firm is confident that more seizures and retrievals will follow in the upcoming years.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us