Chainalysis and U.S. law enforcement recover $30 million from North Korea-linked Ronin exploit

Blockchain analytics firm Chainalysis and U.S. law enforcement recovered $30 million in stolen crypto from the North Korea-linked hack on Ronin, the main blockchain for the web3 play-to-earn game Axie Infinity. 

“This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last,” Erin Plante, senior director of investigations at Chainalysis, wrote in a blog post.  

The recovery occurred nearly six months after North Korean hackers, which were part of the Lazarus Group, hacked five of the nine validator keys on the Ethereum sidechain, The Block previously reported. At the time of the heist, 173,600 ETH worth about $590 million at the time and 25.5 million worth of USDC were stolen.  

The $30 million in stolen funds were recovered through using Chainalysis blockchain tracking tools to see where stolen funds were laundered, according to the blog post. 

"We see that the hacker bridged ETH from the Ethereum blockchain to the BNB chain and then swapped that ETH for USDD, which was then bridged to the BitTorrent chain. Lazarus Group carried out hundreds of similar transactions across several blockchains to launder the funds they stole from Axie Infinity, in addition to the more conventional Tornado Cash-based laundering," Plante said. 

The recovered funds make up a fraction of crypto stolen by North Korean hackers, Plante points out, as Chainalysis figures over $1 billion was stolen in 2022.  

Correction: This story was corrected to reflect Erin Plante's job title as senior director of investigations at Chainalysis.