Chainalysis
Sep 8 15 tweets 4 min read
1/ Today at #AxieCon, Senior Director of Investigations @eeplante joins the @AxieInfinity team to deliver good news…
2/ With the help of law enforcement & leading orgs in the #crypto industry, more than $30M worth of #crypto stolen by North Korean-linked hackers has been seized.

In this thread, we discuss how the Chainalysis Crypto Incident Response team played a role. bit.ly/3x8Nq86
3/ Much of this is a result of our investigation following the March 2022 theft of more than $600M from Ronin Network, a sidechain built for the play-to-earn game Axie Infinity.
4/ The Chainalysis Crypto Incident Response team helped with these seizures by utilizing advanced tracing techniques to follow stolen funds to cash-out points and liaising with law enforcement and industry players to quickly freeze funds.
5/ Curious to know how we did it? Here’s what we can share now.
6/ The attack began when the Lazarus Group gained access to five of the nine private keys held by transaction validators for Ronin Network’s cross-chain bridge. coindesk.com/tech/2022/03/2…
7/ They used this majority to approve two transactions, both withdrawals: one for 173,600 ether (ETH) and the other for 25.5 million USD Coin (USDC).
8/ They then initiated their laundering process – and Chainalysis began tracing the funds. The laundering of these funds has used over 12,000 different crypto addresses to date, which demonstrates the hackers’ highly sophisticated laundering capabilities.
9/ North Korea’s typical #DeFi laundering technique has roughly five stages. We can visualize it below using Chainalysis Reactor: [image]
10/ However, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) recently sanctioned Tornado Cash for its role in laundering over $455 million worth of cryptocurrency stolen from Axie Infinity.
11/ Since then, Lazarus Group has moved away from the popular Ethereum mixer, instead using #DeFi services to chain hop, or switch between several different kinds of cryptocurrency in a single transaction.
12/ We can use Chainalysis Storyline to see an example of how Lazarus Group utilized chain-hopping to launder some of the funds stolen from Axie Infinity: [image]
13/ Above, we see that the hacker bridged ETH from the Ethereum blockchain to the BNB chain and then swapped that ETH for USDD, which was then bridged to the BitTorrent chain.
14/ Cryptocurrency’s transparency is instrumental to investigating hacks like the one suffered by Axie Infinity. Investigators with the right tools can follow the money to understand and disrupt a cybercrime organization’s laundering activities.
15/ This seizure represents a huge milestone: The first time ever that cryptocurrency stolen by a North Korean hacking group has been recovered. Check out our latest blog for the full story. bit.ly/3x8Nq86
