FBI Seizes Stolen Cryptocurrencies

The Wall Street Journal is reporting that the FBI has recovered over $30 million in cryptocurrency stolen by North Korean hackers earlier this year. It’s only a fraction of the $540 million stolen, but it’s something.

The Axie Infinity recovery represents a shift in law enforcement’s ability to trace funds through a web of so-called crypto addresses, the virtual accounts where cryptocurrencies are stored. These addresses can be created quickly without them being linked to a cryptocurrency company that could freeze the funds.

In its effort to mask the stolen crypto, Lazarus Group used more than 12,000 different addresses, according to Chainalysis. Unlike bank transactions that happen through private networks, movement between crypto accounts is visible to the world on the blockchain.

Advanced blockchain-monitoring tools and cooperation from centralized crypto exchanges enabled the FBI to trace the crypto to where Lazarus Group tried to cash out, investigators said.

The money was laundered through the Tornado Cash mixer.
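The kind of tracing the excerpt describes, as an added example that is not part of the original post and not the FBI's or Chainalysis's tooling: a pro-rata taint trace over a constructed ledger that follows stolen value through intermediary addresses (all names hypothetical) until it lands on deposit addresses a cooperating exchange has identified as its own.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledger in chronological order: (sender, receiver, amount).
# Address names are hypothetical labels, not real on-chain addresses.
LEDGER = [
    ("theft_addr", "hop1", 100),
    ("hop1", "hop2", 60),
    ("hop1", "hop3", 40),
    ("hop2", "hop4", 60),
    ("hop3", "exchange_dep_A", 40),
    ("hop4", "exchange_dep_B", 30),
    ("hop4", "hop5", 30),
    ("clean_addr", "hop5", 70),  # unrelated funds commingled at hop5
    ("hop5", "exchange_dep_C", 100),
]
# Deposit addresses a cooperating exchange has identified as its own (constructed).
EXCHANGE_ADDRS = {"exchange_dep_A", "exchange_dep_B", "exchange_dep_C"}


def trace_taint(ledger, source, stolen_amount):
    """Follow stolen value forward through the public ledger.

    Each address keeps a balance and a tainted share of it; every transfer
    carries taint pro rata to the sender's share at that moment, so mixing
    with clean funds dilutes the trail instead of erasing it. Returns
    (tainted value received per address, addresses that held any taint)."""
    balance, tainted, received = defaultdict(Fraction), defaultdict(Fraction), defaultdict(Fraction)
    balance[source] = tainted[source] = Fraction(stolen_amount)
    for sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if balance[sender] > 0:
            moved = min(amount * tainted[sender] / balance[sender], tainted[sender])
        else:
            moved = Fraction(0)  # sender funded from outside the trace: clean
        tainted[sender] -= moved
        balance[sender] = max(balance[sender] - amount, Fraction(0))
        tainted[receiver] += moved
        balance[receiver] += amount
        received[receiver] += moved
    touched = {source} | {a for a, v in received.items() if v > 0}
    return dict(received), touched


def cash_out_points(received, exchange_addrs):
    """Tainted value that landed on addresses an exchange can freeze."""
    return {a: v for a, v in received.items() if a in exchange_addrs and v > 0}
```

On the constructed ledger all 100 stolen units end up at the three exchange deposit addresses, and the commingling at hop5 only changes how much of that last deposit is tainted, not whether it is traceable.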

Posted on September 13, 2022 at 6:51 AM

Comments

iAPX September 13, 2022 11:26 AM

Some people don’t understand the difference of meaning, and thus traceability, between anonymous and pseudonymous.

They also tend to not understand the difference between decentralized, dynamically centralized and contextually centralized.

Ted September 13, 2022 1:08 PM

The CEO of Binance, a cryptocurrency exchange, tweeted:

The DPRK hacking group started to move their Axie Infinity stolen funds today. Part of it made to Binance, spread across over 86 accounts. $5.8M has been recovered. We done this many times for other projects in the past too. Stay #SAFU.

It was an interesting choice to move funds there. Maybe the Lazarus Group thought their obfuscation process was less trackable?

https://twitter.com/cz_binance/status/1517385438469791749

SpaceLifeForm September 13, 2022 10:31 PM

Speaking of Tornado Cash

https://home.treasury.gov/taxonomy/term/1546

In particular, where you will see why @matthew_d_green is pleased.

The Sanctions were against the org using the name Tornado Cash, but not meant to imply against the open-source code. So, it is good that this clarification has arisen.

Will Microsoft issue a mea culpa over their decision regarding the source code on Github? Because IMO they did over-react.

https://home.treasury.gov/policy-issues/financial-sanctions/faqs/1076

While engaging in any transaction with Tornado Cash or its blocked property or interests in property is prohibited for U.S. persons, interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited. For example, U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts. Similarly, U.S. persons would not be prohibited by U.S. sanctions regulations from visiting the Internet archives for the Tornado Cash historical website, nor would they be prohibited from visiting the Tornado Cash website if it again becomes active on the Internet.

Clive Robinson September 14, 2022 3:40 AM

@ SpaceLifeForm, ALL,

Re : Difference between a service and a transaction.

From what you quote, it appears that the US Treasury, unlike a great many, does actually understand the difference between a transaction carried out on a service and the service itself and the technology and infrastructure it’s based on.

That is the US Treasury appreciates the notion of a “common carrier” from the earliest days of postal services predating the “Elizabethan Era” of the Tudor period prior to 1600 some four centuries ago[1].

It is after all both a logical and reasonable view point to take (unlike the actions of others).

Especially when we have a saying that predates it and arguably goes back to pre-Christian events,

“Don’t shoot the messenger”

Thus the use of Tornado Cash for legitimate legal transactions was legal.

What was not legal were illegitimate and unlawful transactions that became illegal and continue to do so.

Where Tornado Cash overstepped the mark of “Common Carrier” of transactions was actively encouraging if not seeking out those who practiced unlawful behaviour with an intent based on criminal activity, thus harmful not just to US National Security but the National Security of other nations.

@ ALL,

With regards MicroSoft’s behaviour that has been seen as “overstepping the mark”.

Yes it was then and still is. However “overstepping the mark” has been very much evident in US Political circles for some time now. Thus it could be argued that MicroSoft acted in an over abundance of caution to protect its “Good Name”.

However as others will no doubt point out that “abundance of caution” had significant financial considerations for MicroSoft…

Which was just one of the many major objections the Open Source community had to MicroSoft taking over an Open Source Repository, and why MicroSoft was not considered “a safe pair of hands” to hold it. And indeed MicroSoft have “dropped the ball” at what appears to be the first opportunity, thus confirming many fears.

[1] Of the many English Monarchs, Elizabeth the First was perhaps the first to truly understand the power of Spy-Craft over other peoples’ communications and had her own Spy-Master Sir Francis Walsingham, who ran his own “black chamber”. You can get a little of the taste of a historic “Surveillance State” and see how little has actually changed in the intervening centuries other than an infusion of technology…

https://www.atlasobscura.com/articles/queen-elizabeth-is-vast-spy-network-was-the-original-surveillance-state

lurker September 14, 2022 4:17 PM

@Clive Robinson

Elizabeth I learned her spycraft from her father (Henry VIII) who learned it from . . . the Sumerians?

What has happened is the clay tablets, parchment and sealing wax are no longer physical objects to touch and see. The messages and cyphers have moved into the ether, invisible, and thus to most people into the realm of magic.

The problem is to convince those people that even if it is now on the wire, invisible and instant[1] the age old principles and practice still apply.

[1] The notion that the speed of light is finite, and much may happen while a message goes out of one computer into another, is also in the realm of magic.

Clive Robinson September 14, 2022 8:06 PM

@ lurker,

Re : Relative Behavior.

“Elizabeth I learned her spycraft from her father (Henry VIII) who learned it from . . .”

She learned some, like her father learned some –possibly due to the “Perfidious French”– and so on.

The point is Elizabeth the First was the one who built it up and took it to places, in effect a pinnacle that it did not go again for effectively centuries after her death. The reasons for the demise of spycraft in England were both prosaic and complex and had much to do with the stupidity of male egos and religion being in conflict,

https://en.m.wikipedia.org/wiki/Charles_I_of_England

Anyway, the level of such spying did not really return until the later part of the era of the two Boer Wars (1880-1903). With “Old Dutch v. English” in the South of Africa and was as a result of “trade disputes” and the likes of Cecil Rhodes and earlier behaviours over the discovery of significant gold and diamonds.

The second Boer War revealed the very sick and depraved mentality of certain British Military leaders that later contributed to the mass carnage and destruction of civilian populations and property in the following two world wars. Some historians credit the likes of Kitchener with not just the fall of the British Empire but also for inventing the tools and methods such as Concentration Camps that enabled many acts of genocide, right up to and including the likes of Gitmo etc.

Such is history and the lessons we mostly do not learn from it.

Which brings us onto,

“The messages and cyphers have moved into the ether, invisible, and thus to most people into the realm of magic.”

This too really started with the Boer War Era and the Afghanistan campaign. The ability to machine effective man-portable heliograph systems sent out messages at the speed of light.

The early heliographs had a problem in that their light cone was too broad and the twinkling could be seen and the positions of troops and commands identified from quite a distance. A significant disadvantage with guerilla warfare where your enemy are in effect all around you watching. It’s not known if the Boers practiced signals intelligence, it’s probably not likely, but nevertheless during that period the use of codes and ciphers went up significantly. So much so it was a standard technique by “The Great War” and the birth of machine ciphers.

Which brings us to,

“The notion that the speed of light is finite, and much may happen while a message goes out of one computer into another, is also in the realm of magic.”

Actually, it was during the Second World War that this idea happened to a few people. The use of radar gunnery had shown that fast as light was, you still had to make allowance for changes. Further, Gordon Welchman at Bletchley started thinking about time delays in the speed of communications and how communications networks would be limited by it. Which gave rise to quite a bit of the low level thinking that exists behind what we now call the Internet.

As for “taking the magic out of it” and getting people to realise the issues… So far in life we appear to have discovered two ways to do it,

1, Capitalize on a tragedy.
2, By “force majeure”.

Neither are effective, being more blunt instruments than precision tools…

However even though we have “fire guards” and similar, the number of people going to hospital with significant burns to hands and faces, tells us there are always going to be people who either do not listen, do not think, or both.

There is a reason why the Darwin Awards exist…

HowDoesItWork September 16, 2022 9:52 AM

I’ve never understood, how FBI seizure of crypto currency is possible without access to the criminal’s private key. Can someone who understands explain this please?

SpaceLifeForm September 16, 2022 11:02 PM

@ HowDoesItWork

The easy way is to spot the criminals doing bad stuff, get a warrant, and seize their devices which likely contain the private key. If they are up to no good, and doing fishy stuff via cryptocurrency (like money laundering), traffic analysis will point to them doing fishy stuff via cryptocurrency.

Criminals are not the sharpest knives at the top of the elevator. They think that cryptocurrency is anonymous. They do not understand how IP traffic works.
