
FBI identifies Lazarus Group as culprits of Stake hack
US federal government agency names North Korean hackers responsible for the theft of $41m from the crypto-first operator


The Federal Bureau of Investigation (FBI) has issued a press release that attributes the recent hack and theft of $41m from Stake to the Lazarus Group, a North Korean state-sponsored hacking group.
Following an investigation, the FBI found that the Lazarus Group, also known as APT38, moved stolen funds associated with Ethereum, Binance Smart Chain (BSC) and Polygon networks from the operator to a number of cryptocurrency accounts on or around 4 September.
The federal government agency has called upon all blockchain monitors and cryptocurrency exchanges to closely watch the addresses associated with the hack, and refrain from any transactions with the aforementioned addresses.
The initial hack was first reported by on-chain analysts at Cyver, who noted that an initial $16m had been siphoned from the operator.
Further hacks reportedly saw $7.8m lost on Polygon and $17.8m stolen on the Binance Smart Chain.
Stake then released a statement on 4 September to confirm the unauthorised transactions had taken place and paused all withdrawals and deposits while it investigated the issue. Four hours later, the site was back online, with CEO Ed Craven reassuring users that everything was under control.
Craven said: “Shoutout to the team for such a quick turnaround. Despite some dramatic headlines, as always Stake has everything under control.”
The Lazarus Group is a cybercrime group made up of anonymous individuals and run by the North Korean government. Researchers have attributed a number of cyberattacks to the group between 2010 and 2021, and the group is believed to have stolen around $2bn in digital assets from crypto exchanges and decentralised finance services, according to blockchain analysis firm Elliptic.
According to research by Recorded Future’s Insikt Group, the money that is taken during these cyberattacks is meant to bolster “the North Korean government’s continued efforts to generate funds for the regime, which remains under significant international sanctions.”
The group also made headlines back in 2014 when it threatened to take terrorist action against the then-upcoming film The Interview at its New York City premiere on 18 December 2014 and on its US-wide release date of 25 December 2014. This threat led to Sony pulling the film from theatrical release.
The US Department of the Treasury’s Office of Foreign Assets Control also sanctioned the Lazarus Group in 2019 when it added it to its Specially Designated Nationals and Blocked Persons List (also known as the SDN List).
The sanctions mean that any US assets the group may have are blocked, and their names are added to automated screening systems used by banks in the US and other countries, making it harder for individuals to hold bank accounts, transfer money or buy property.