Norwegian authorities have successfully tracked and intercepted 60 million kroner ($5.9m) in cryptocurrency that was stolen by North Korean actors in what is considered the largest heist of its kind. The Scandinavian country’s economic and environmental crime agency, Økokrim, revealed that the North Korean threat actors have been engaged in a significant money laundering operation following the raid on the Ronin Network in March 2022.
According to Marianne Bender, a state attorney at Økokrim, the agency’s ability to trace the stolen funds on the blockchain showcases their expertise in combating sophisticated digital crimes. Collaborating with FBI specialists has strengthened their efforts in tracking cryptocurrency and combating profit-motivated cybercriminal activities.
The Ronin Network, created by Vietnamese blockchain game developer Sky Mavis as an Ethereum sidechain for the Axie Infinity game, fell victim to a breach by the Lazarus APT group, which is backed by Pyongyang. The hackers managed to steal an estimated $618m in cryptocurrency and cash, marking it as the largest cyber-heist in history.
Økokrim’s recent success in seizing $30m in stolen funds from Ronin demonstrates their commitment to combating cybercrime. Chainalysis, a blockchain analysis firm involved in the operation, revealed that North Korean hackers are utilizing the crypto mixer Tornado Cash to launder the stolen funds efficiently.
The urgency in tracking and seizing stolen cryptocurrency stems from the potential use of these funds by North Korea to finance its expanding missile program. Marianne Bender emphasized the importance of preventing the flow of money that could support North Korea’s nuclear weapons program by intercepting cryptocurrency and preventing its conversion into physical assets.
The funds recently seized by Norwegian authorities will be returned to Sky Mavis to facilitate the reimbursement of affected customers. This successful operation highlights the collaborative efforts between international agencies in combating cybercrime and disrupting illicit financial activities orchestrated by threat actors.