Hackers Play Hide and Seek with Stolen Axie Infinity Funds

By I-HODL | A Crypto Journey | 16 Apr 2022

Okay guys, let's discuss the North Korean hacker group, Lazarus, identified as the ones responsible for the recent $625 million Axie Infinity exploit. It appears that the group, led by the intelligence agency, Reconnaissance General Bureau in North Korea,  is determined to continue its game of hide and seek, running just one step ahead of law enforcement and investigators in an attempt to slip away into the shadows with ill-gotten gains.


Image courtesy Unsplash

Most recently, the team, using a number of addresses  sanctioned by the US Office of Foreign Assets Control, attempted to pass money through Ethereum mixer, Tornado Cash, but that attempt was thwarted when Tornado Cash blocked at least 24 addresses with support from blockchain analysis firm, Chainalysis. This hasn't stopped the group though, and the race against time continues. Will global law enforcement ever be able to retrieve the funds? Let's discuss.

A quick sidenote

My friends, I truly appreciate your support here, and I'd just like to take a minute to register my thanks. Sometimes I'm all in a flurry dashing between stories and I hardly stop to catch a breath. But I've grown a lot since I've been on Publish0x and I can always rely on you guys to show love and support. We're up to 547 today, yay! This means a lot.

Nevertheless, in all things, there are bad actors, and it's been brought to my attention recently that someone plagiarized at least one of my articles (literally a case of Ctrl+C and then Ctrl+Z) and used it on another platform. Unfortunately, I did not see the warning until it was a bit late, but I'd like to thank the reader who did comment and provide me with that guidance. And, not to make much ado, but I put in a lot of work to create content, guys, as I'm sure every writer does, and my work is personal to me. And so, if I may, I'd appreciate any notification from you, if you come across any misrepresentation of my work.

Please know that should I choose to share this content anywhere else, I'd always make it known to readers that it was published here first.  And to be honest, going forward, it's very unlikely that I would share the same or similar content elsewhere, so, should you see an article lurking out there that's a replica of my work here, then it's very likely that it's not me. Please let me know.  Thank you so much, guys! And so, back to our story...

What is a Mixer?

A mixer is a cryptocurrency program which is used, as the title suggests, to mix cryptocurrency.  So you know that trick that street magicians do with the cup, right? They'd put a penny under a cup and then shift the cups around right before your eyes, right? And then you'd have to guess which cup the coin was under. Most times you'd have a hard time keeping abreast of those hands, right?

Well, imagine if there were 100 guys shifting rows and rows of cups around together and you walked up to one guy and handed him a coin which he immediately adds to  a row of the moving cups while simultaneously handing you another coin of the exact same value. Your coin will have the same value but it wouldn't be the exact same coin, would it? In fact, if you were to stand and try to follow the swapping cups in an attempt to follow the coin you actually put in, you wouldn't be able to, would you? Well, in a nutshell, the idea of swapping coins and obscuring their origin is what a mixer does, only it's technology and not human hands doing the mixing and so it's more complicated, more convoluted and a whole lot more difficult to track.

There are a number of cryptocurrency mixers such as ChipMixer, Blender.io, Wasabi, Samourai, JoinMarket and Tornado Cash among others. Some exchanges such as Blender.io are centralized. Others like  JoinMarket are decentralized. Centralized mixers will swap your crypto for a fee. The transactions will be private but the mixer will maintain a record of the transactions. Decentralized mixers use protocols to obscure transactions.

As you would expect, mixers are fairly popular among criminals, although, in an interview with Fortune, Chainalysis' director of research Kim Grauer makes the case that mixers are "not inherently illegal".  In fact, Grauer tells Fortune that mixers receive approximately $30 million in cryptocurrency every day. 


A Closer Look at Tornado Cash


As it states on its website, Tornado Cash is a fully decentralized protocol which facilitates private transactions on the Ethereum network.

"Tornado Cash improves transaction privacy by breaking the on-chain link between source and destination addresses. It uses a smart contract that accepts ETH deposits that can be withdrawn by a different address," the website states. "To preserve privacy, a relayer can be used to withdraw to an address with no ETH balance. Whenever ETH is withdrawn by the new address, there is no way to link the withdrawal to the deposit, ensuring complete privacy."

Of course, for the Lazarus team, this arrangement seemed ideal, but their attempts to make off with the stolen crypto by taking advantage of the protocol's ideal to protect privacy were thwarted as Tornado Cash blocked the sanctioned address.

The Race to Catch the Hackers


Image courtesy Pixabay

The Lazarus group was identified as the group behind the Ethereum address involved in the multimillion dollar Axie Infinity hack last month and US officials announced sanctions against the Ethereum address connected with the hack on April 14th. The sanctions, announced by OFAC, prohibit US persons and entities from transacting with the address. Whether these sanctions will serve to thwart the team is uncertain, however, as though Tornado Cash has indicated that it is blocking sanctioned addresses, CoinDesk notes that this fix did not stop the elite hacker group from possibly laundering at least $8.8 million in ETH on the morning of April 15th.

Acknowledging Tornado Cash's oracle contract with Chainalysis, CoinDesk noted that it was not able to confirm when the integration went live and added, "Either way, it only affects Tornado Cash’s front-end, meaning savvy users can still interact with the smart contracts powering the decentralized service."

Meanwhile, blockchain analysis provider, Elliptic revealed that the hackers have already laundered approximately $80 million  through Tornado Cash and have passed $16.7 million through centralized exchanges. The status of $9.7 million was identified in intermediary wallets while another $433 million remains in the original wallet.

"Elliptic investigators are tracking these stolen funds, and have labelled the addresses associated to this attacker in our systems – ensuring that our clients will be alerted if they receive any of these funds," Elliptic stated.

And guys, it's not just an isolated incident. This North Korean group, Lazarus, was previously identified as responsible for other cyber and crypto attacks including:

  • The 2014 cyberattack against Sony Pictures,
  • The 2017 Wannacry ransomware cryptoworm,
  • A hack on crypto exchange, Kucoin in 2020.

And now it seems that there is a lot of concern that the most recently stolen crypto assets are being used to fund nuclear and ballistic missile programs.


Well, guys, what do you think of this development? Do you think that the Lazarus team will get away with it all or do you think law enforcement will be able to at least freeze, if not recover the stolen funds? And what do you think of tumbling and mixing services in general?

I hate to keep bringing up the question of regulation because it may appear as though I'm constantly championing the cause for freedoms and privacies to be infringed upon, right? And that's not the case at all. It's only that as we sit, assess issues as they unfold, and we chat about them, I feel like it is only reasonable to bring a holistic view to things- at least as much as I can from my limited perspective. And so, if not regulation, what then can be done to protect or deter this type of bad actor from taking advantage of our ideals and capitalizing upon them for their own nefarious purposes? As always, I'd love to hear your thoughts.

Well, guys, I'm off again in search of another story. Until we meet again, my friends, please remember to be safe. Arrivederci!

How do you rate this article?



Your friendly, neighborhood crypto enthusiast.

A Crypto Journey
A Crypto Journey

Here we exchange news, views and reviews on developments in the crypto space.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.