This article is more than 1 year old

Norway finds a way to recover crypto North Korea pinched in Axie heist

Meanwhile South Korea's Do Kwon is sought for fraud by US authorities

Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea.

The Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime (Økokrim) has called the seizure among the largest ever money seizures – and the largest-ever related to crypto – made by Norway.

"Økokrim are experts at following the money. This case shows that we are also good at following the money on the blockchain even though criminals use advanced techniques to avoid detection," said senior public prosecutor Marianne Bender.

The agency said it would work with the owner of the Axie Infinity game, Sky Mavis, to return the funds to its victims.

Axie Infinity allows players to win Ethereum. Sky Mavis refers to the game as its "flagship product" and the "#1 game on Ethereum by daily, weekly, and monthly active players."

In March 2022, $620 million was stolen when attackers gained access to five out of nine private keys used by transaction validators for Ronin Network – the Ethereum-based DeFi decentralized finance platform used by Sky Mavis. The game publisher describes its Ronin side chain as "a tool that allows game developers to deliver the benefits of blockchain to their players without any of the complications."

Once the attackers gained access to the organization they approved crypto transactions, then immediately began to launder the money through Ethereum-based crypto mixer Tornado Cash, which is now the target of US sanctions. In September 2022, US authorities found and seized $30 million of the ill-gotten gains.

Økokrim said it worked with the FBI to recoup another $5.9 million. "This is money that can be used to finance the North Korean regime and their nuclear weapons program. It has therefore been important to trace the cryptocurrency and try to stop the assets from being converted into regular currency," explained Bender.

More crypto comeuppance

Thursday was a bad day for crypto crooks with ties to the Korean peninsula. On the same day, the US Securities and Exchange Commission (SEC) charged Terraform Labs and its wanted fugitive leader, South Korean national Do Kwon, with defrauding investors.

"We allege that Terraform and Do Kwon failed to provide the public with full, fair, and truthful disclosure as required for a host of crypto asset securities, most notably for LUNA and Terra USD," said SEC chair Gary Gensler. "We also allege that they committed fraud by repeating false and misleading statements to build trust before causing devastating losses for investors."

The implosion of Terraform Labs's TerraUSD "stablecoin" and linked "Luna" tokens set off what has been called "crypto winter." The crash was marketed as impossible, because the cryptocurrency's value was pegged to the US dollar. But that was not true, and many investors subsequently lost huge sums of cash.

Kwon's last known address was in Singapore, but authorities in the city-state say he departed the island in September 2022. Since then, he has landed on Interpol's Red Notice list and the South Korean government has cancelled his passport.

Meanwhile, Terraform Labs continues to announce developments as if it didn't almost bring about its own little Armageddon. Yesterday it launched a decentralized automation layer feature in its TerraLuna ecosystem.

Uncharacteristically, Kwon has kept quiet on Twitter. ®

More about


Send us news

Other stories you might like