North Korean Group Behind Sony Hack Linked to $620M Crypto Theft: FBI

The FBI said that North Korean hacker groups Lazarus Group and APT38 were responsible for last month's theft of $620 million in Ethereum cryptocurrency. North Korean leader Kim Jong Un is pictured in the country's South Hamgyong Province on October 14, 2020. KCNA VIA KNS/AFP/Getty

An FBI investigation has found that the North Korea-linked hacking group responsible for a notorious hack of Sony Pictures was behind a theft of over $600 million in cryptocurrency last month, the bureau said.

Around $620 million in Ethereum was stolen late last month following the hack of the popular video game Axie Infinity, which uses in-game tokens based on the cryptocurrency. The FBI said on Thursday that two groups linked to North Korea, officially known as the Democratic People's Republic of Korea (DPRK), were responsible—including Lazarus Group, an entity believed to be behind the 2014 Sony hack.

"The FBI continues to combat malicious cyber activity including the threat posed by the Democratic People's Republic of Korea to the U.S. and our private sector partners," the FBI said in a statement. "Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29."

"The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK's use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime," the statement continued.

The Treasury Department also alleged that Lazarus Group was behind the theft by adding the group and a linked Ethereum address to its list of sanctions on Thursday. A tweet from blockchain data firm Chainalysis alleged that the update confirmed "that the North Korean cybercriminal group was behind the March hack."

A Treasury Department spokesperson told Coindesk that the department's work with the FBI had allegedly uncovered Lazarus Group's involvement and demonstrated a "commitment to use all available authorities to disrupt malicious cyber actors and block ill-gotten criminal proceeds."

"There may be mandatory secondary sanctions requirements on persons who knowingly, directly or indirectly, engage in money laundering, the counterfeiting of goods or currency, bulk cash smuggling, or narcotics trafficking that supports the Government of North Korea or any senior official or person acting for or on behalf of that Government," the spokesperson added.

The Axie Infinity theft was the largest cryptocurrency heist of all time, according to a tracker maintained by cybersecurity website Comparitech. Research released by Chainalysis earlier this year found that hackers in North Korea have been increasing their efforts to steal cryptocurrency. The firm found that $400 million worth of cryptocurrency was stolen by hackers based in the country during 2021, a 40 percent increase over the previous year.

The 2014 Sony Pictures hack exposed confidential data from the studio, including personal information about employees and their families. The hack was perhaps best known for a demand that Sony withdraw its then-upcoming film The Interview, a comedy about a fictional plot to assassinate North Korean leader Kim Jong Un.

The hackers threatened to launch attacks on theaters and moviegoers who dared to see the film, temporarily prompting Sony to cancel its release. The studio then reversed its decision.

Newsweek reached out to the DPRK's permanent mission to the United Nations for comment.