Binance recovers USD 5.8M of stolen funds linked to Axie Infinity hack

Binance CEO Changpeng Zhao on Friday has announced that their trading platform had recovered USD 5.8 million worth of crypto funds linked to North Korean-orchestrated hacking of blockchain based, play-to-earn game Axie Infinity. Zhao says that the whole sum of recovered funds has been spread across over 86 different accounts.

The DPRK hacking group started to move their Axie Infinity stolen funds today. Part of it made to Binance, spread across over 86 accounts. $5.8M has been recovered. We done this many times for other projects in the past too. Stay #SAFU.

— CZ 🔶 Binance (@cz_binance) April 22, 2022

As previously reported, Ronin Bridge Ethereum (ETH) sidechain of Sky Mavis’ Axie Infinity has suffered USD 625 million theft—which is considered the biggest crypto heists ever recorded. The United States Department of Treasury revealed last April 14 that “Lazarus Group” was the cybercrime gang responsible for the massive Ronin hack, and the said hacking group has been included in their sanctions list.

Following the cryptocurrency thefts since at least 2020, the US Cybersecurity & Infrastructure Security Agency (CISA) along with the Federal Bureau of Investigation (FBI), and Treasury on April 18 has issued joint Cybsersecurity Advisory (CSA) for blockchain-related companies and cryptocurrency sector regarding the cyber threats posed by North Korea.

The said advisory mentions hacking groups that are believed to be state sponsored by North Korea and are targeting crypto companies. Lazarus, APT38, BlueNoroff, and Stardust Chollima are the hacking groups tagged as advanced persistent threat (APT)—which means that these threats can gain unauthorized access to computer systems and remain undetected for long periods of time.

The US government noted that crypto exchanges, decentralized finance protocols, play-to-earn crypto games, venture capital firms and trading firms are being targeted by hackers to steal and launder crypto assets. Individual holders of cryptocurrency or valuable non-fungible tokens (NFTs) are also vulnerable.

“The activity described in this advisory involves social engineering of victims using a variety of communication platforms to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems. The cyber actors then use the applications to gain access to the victim’s computer, propagate malware across the victim’s network environment, and steal private keys or exploit other security gaps,” the joint CSA stated.