The FBI has identified the North Korean hackers known as Lazarus Group as responsible for the $41 million theft from Stake.com on Sep. 4. The FBI adds that Lazarus goes by multiple other aliases, including APT38. It is one of three major hacking groups believed to have the backing of the North Korean government.
On Sep. 4, cyber watchdogs flagged multiple transactions involving Stake.com. The crypto casino later acknowledged the attack, worth $41.35 million, which spanned three blockchains:
- $17.8 million on the Binance Smart Chain (BSC)
- $15.7 million on the Ethereum blockchain (ETH)
- $7.8 million on the Polygon blockchain
Stake said that users’ funds are safe, and the hack involved the company’s hot wallets. According to the FBI press release, Lazarus transferred the money to 33 wallets. Lazarus Group and North Korea have become synonymous with hacker attacks in the past decade. The hackers are responsible for billions in losses, including the largest cyber attack to date, a $625 million attack on Ronin Bridge.
Lazarus Has Stolen Billions, Including $200 Million This Year
According to the FBI, Lazarus primarily targets blockchain technology companies, cryptocurrency, and decentralized finance (DeFi) protocols. The hacker group has been involved in several hacks this year worth over $200 million in cryptocurrency. In addition to Stake, Lazarus is responsible for a few of the biggest attacks of 2023:
- $60 million from Alphapo (crypto payment processor) and CoinsPaid (crypto exchange) in July
- $100 million from Atomic Wallet in June
Alphapo processes payments for numerous crypto casinos, including some black market operations that illegally accept US customers, like Bovada and Ignition.
According to blockchain analytics company TRM Labs, the North Korean hackers have stolen more than $2 billion over the last five years. Meanwhile, another analytics company, Chainalysis, estimates that number to be over $3 billion in five years, with $1.65 billion in 2022 alone. Some of the biggest attacks by Lazarus include:
- $625 million from Axie Infinity’s Ronin Network
- $100 million from Harmony’s Horizon Bridge
- $100 million in the Bangladesh Bank attack
Other notable non-monetary attacks include the 2014 Sony Pictures hack, which involved personal information, movie scripts, and more. In addition, the group was responsible for the 2017 WannaCry ransomware attack, which affected 150 countries and over 200,000 computers.
Is North Korea Funding Its Regime Through Hack Attacks?
Lazarus Group usually acts boldly in its hacks and does not try to cover its tracks. That is because it operates within North Korea and outside the reach of international law enforcement. As mentioned, the FBI believes the hackers work for the North Korean government.
Multiple sources say that cybercrime is an essential source of income for the dictatorship, which is closed off to most international trade. In 2021, North Korea’s exports totaled just $181 million, barely a tenth of what Chainalysis estimates North Korean hackers stole in 2022.
According to the Wall Street Journal (WSJ), funds stolen by Lazarus and similar groups fund about half of North Korea’s ballistic missile program. The country’s defense budget is about $4 billion, a quarter of North Korea’s economy.
WSJ adds that the North Korean government helps Lazarus by employing thousands of IT people worldwide, who use social networks like LinkedIn to get jobs and breach the security of targets from within.
Crypto Casinos Are a Prime Target for Hackers
Stake has mostly kept quiet since the Sep. 4 attack. Aside from the single tweet acknowledging the attack and assuring users, co-founder Ed Craven published a blog post on Medium after the FBI press release.
In his post, Craven reassured users that their information and funds were safe. He also added that there were no signs of attackers accessing personal information. Craven said the company reacted fast and is cooperating with authorities, including the FBI. The Stake co-founder added that such attacks are rare. However, that depends on one’s definition of “rare.” According to blockchain security company Beosin, there were 108 cyberattacks on crypto companies in the first half of 2023, resulting in over $400 million in losses.
Even regulated casinos are frequent targets of cybercriminals. Today, MGM Resorts is facing an apparent attack of its own. However, crypto casinos like Stake are particularly appealing targets because they are unregulated and sit at the intersection of two areas of interest for hackers.