Created by a Vietnamese game studio, Axie Infinity gives players the ability to breed, trade, and battle Pokemon-like cartoon monsters to earn cryptocurrencies, including the game’s own “Smooth Love Potion” digital token. At one point it had more than a million active players.
But earlier this year, the network of blockchains underpinning the game’s virtual world was raided by a North Korean hacking syndicate, which made off with roughly $620 million in the ether cryptocurrency.
The crypto heist, one of the largest of its kind in history, was confirmed by the FBI, which vowed to “continue to expose and combat [North Korea’s] use of illegal activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime.”
The successful crypto heists illustrate North Korea’s growing sophistication as a malign cyber actor. Western security agencies and cyber security companies treat it as one of the world’s top four nation-state cyber threats, along with China, Russia and Iran.
According to a UN panel of experts that monitors the implementation of international sanctions, money raised by North Korea’s criminal cyber operations helps finance the country’s illegal ballistic missile and nuclear programs. Anne Neuberger, US deputy national security adviser for cybersecurity, said in July that North Korea “is using cyber to get, we estimate, up to a third of their funding for their missile program.”
Crypto analytics firm Chainalysis estimates that North Korea stole roughly $1 billion in the first nine months of 2022 from decentralized crypto exchanges alone.
The rapid collapse last week of FTX, one of the largest exchanges, has highlighted the opacity, erratic regulation and speculative frenzies that have been central features of the digital asset market. North Korea’s growing use of crypto theft has also served to demonstrate the absence of meaningful international regulation of the same markets.
Analysts say the scale and sophistication of the Axie Infinity hack revealed how powerless the US and allied countries appear to be to prevent large-scale North Korean crypto theft.
Only about $30 million of the crypto loot has since been recovered. That was after an alliance of law enforcement agencies and crypto analysis companies traced some of the stolen funds through a series of decentralized exchanges and so-called “cryptomixers,” software tools that can mix the crypto holdings of different users to obscure their origins.
In one of the few law enforcement actions since the theft, the US in August sanctioned the Tornado Cash mixer, which the US Treasury Department said had been used by the hackers to launder more than $450 million of their Ethereum haul.
The United States has since designated the cryptomixer, alleging that the tool was used to support North Korean hackers who in turn supported the country’s weapons of mass destruction program.
It also highlights the opportunities that the unregulated crypto world presents to many other rogue regimes and criminal actors around the world, with experts warning that the problem is likely to only get worse over the course of the decade as crypto exchanges become increasingly decentralized and more goods and services, legal and illegal, are made available for purchase with cryptocurrency.
“We are nowhere near where we need to be in terms of regulating the cryptocurrency industry,” says Allison Owen, a research analyst at RUSI’s Center for Financial Crime and Security Studies. “Countries are taking steps in the right direction, but North Korea will continue to find creative ways to avoid sanctions.”