Financial Times

It was designed by a Vietnamese gaming studio. Axie Infinity offers players the chance to breed, trade and fight Pokémon-like cartoon monsters to earn cryptocurrencies including the game’s own “Smooth Love Potion” digital token. It was home to more than one million users at one time.

But earlier this year, the network of blockchains that underpin the game’s virtual world was raided by a North Korean hacking syndicate, which made off with roughly $620 million in the ether cryptocurrency.

The FBI confirmed the crypto heist as one of the most significant in history. “continue to expose and combat [North Korea’s] use of illicit activities—including cyber crime and cryptocurrency theft—to generate revenue for the regime.”

The successful crypto heists illustrate North Korea’s growing sophistication as a malign cyber actor. Western security agencies and cyber security companies treat it as one of the world’s four principal nation state-based cyber threats, alongside China, Russia, and Iran.

According to a UN panel of experts monitoring the implementation of international sanctions, money raised by North Korea’s criminal cyber operations are helping to fund the country’s illicit ballistic missile and nuclear programmes. Anne Neuberger, the US deputy national security advisor for cyber security, stated in July that North Korea was “a threat to our national security.” “uses cyber to gain, we estimate, up to a third of their funds for their missile programme.”

Chainalysis, a crypto analyst firm, has estimated that North Korea took approximately $1Billion in the first nine month of 2022 just from decentralized cryptocurrency exchanges.

The collapse of FTX last week, one of the largest exchanges, highlighted the opacity and erratic regulation as well as speculative frenzies which have been central features of the digital asset market. North Korea’s growing use of crypto heists has also served to demonstrate the absence of meaningful international regulation of the same markets.

Analysts believe the sophistication and scale of the Axie Infinity Hack revealed how ineffective the US and its allies are at preventing large-scale North Korean cryptocurrency theft.

About $30 million of the stolen crypto loot have been recovered since then. After a coalition of law enforcement agencies, crypto analysis companies and crypto analysts traced some of the funds through a series decentralized exchanges and so called “crypto-money,” “crypto mixers,” Software tools that allow users to shuffle their crypto holdings in order to obscure their origins.

In August, the US sanctioned Tornado Cash mixer. This was one of few law enforcement actions taken since the theft. The US Treasury claimed that the Tornado Cash mixer had been used to launder more $450 million of their Ethereum haul.

The US has since designated the crypto mixer, alleging the tool was used to support North Korean hackers who were in turn supporting the country’s weapons of mass destruction programme.

It also highlights the opportunities afforded by the unregulated world of crypto to many other rogue regimes and criminal actors around the world, with experts warning that the problem is likely only to get worse over the decade as crypto exchanges are increasingly decentralized and more goods and services—legal and illicit—are made available for purchase with cryptocurrency.

“We are not anywhere near where we need to be when it comes to regulating the cryptocurrency industry,” says Allison Owen, a research analyst at RUSI’s Centre for Financial Crime and Security Studies. “Countries are taking steps in the right direction, but North Korea will continue finding creative ways to evade sanctions.”