Lazarus Group’s $200m cryptocurrency laundering scheme: an in-depth look

The Lazarus Group, a band of North Korean hackers, was recently found to have converted more than $200 million in stolen cryptocurrency into fiat currency.
1/ How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 – 2023 https://t.co/s8zNFwlamb
— ZachXBT (@zachxbt) April 29, 2024
This discovery was made by an on-chain analyst known as ZachXBT, who shed light on the cunning methods the group uses to hide its ill-gotten gains and change them into ordinary cash.
Lazarus Group’s crypto crime wave
Well known in the crypto world for its cybercrime activities, the group carried out several major attacks on different blockchain networks between August 2020 and October 2023.
The hackers infiltrated accounts at Stake.com and took $622 million from the Ronin gaming network. These attacks resulted in the theft of over $2 billion in virtual assets.
2/ Traced 25+ connected hacks across multiple blockchains and through mixers to centralized exchanges. pic.twitter.com/Xd2KlgVZrq
— ZachXBT (@zachxbt) April 29, 2024
The group used popular mixing services like Tornado Cash and ChipMixer to hide the tracks of the stolen funds.
By mingling its transactions with other tokens and addresses, the Lazarus Group obscured where the stolen cryptocurrency came from and where it went.
The group then used Bitcoin peer-to-peer (P2P) exchanges such as Noones and Paxful to convert the stolen funds into regular currency. These P2P platforms let users trade directly with one another without an exchange acting as intermediary, which provides a certain level of anonymity.
Collaborations between industry players and platforms like Binance and MetaMask made it simpler to tie accounts to Lazarus Group’s actions. ZachXBT was able to trace links between more than 50 accounts.
These accounts held almost $44 million from Lazarus’s hacked accounts. The stolen cryptocurrency was then successfully turned into everyday, ‘real-world’ cash.
Further details emerged about the actions taken within the crypto community to hinder Lazarus Group’s unlawful activities. In November 2023, Tether – the issuer of USDT – blacklisted 374,000 USDT.
Concerns over the reliability of centralized exchanges led to a freeze on certain funds in the last three months of 2023, with the exact amounts remaining unclear. Additionally, three stablecoin issuers have contributed an extra $3.4 million and added 12 Lazarus Group-associated targets to their blacklist.
The Lazarus Group’s intricate network calls for ongoing scrutiny. These events highlight the necessity for the crypto industry to unite against crime, money laundering, and other illicit endeavors.
ZachXBT highlights the extensive impact of Lazarus Group attacks on several thousands of people in the digital realm. Furthermore, he underlines that the number of victims will likely continue to grow.
Lazarus Group’s deceptive crypto malware tactics
The notorious North Korean hacking group Lazarus has turned its focus towards cryptocurrency firms.
They’re using cunning malware strategies via LinkedIn, pretending to be blockchain developers seeking crypto-related work. This news follows a warning from SlowMist, a firm specializing in blockchain security.
The cybersecurity firm, SlowMist, revealed that Lazarus follows a crafty strategy where they prey on naive LinkedIn users. They initiate the interaction with job-related queries to trick victims into disclosing personal details.
As the conversation unfolds, the victims are lured into downloading an innocent-looking piece of code, which they are told is for resolving technical issues.
Yet, underneath this seemingly harmless process, there’s a dangerous purpose. This innocent-looking code cleverly hides abilities to swipe money and private data from its victims.
The malware runs on a recurring timer, triggering at set times. Its main job is to steal whatever data it can and send it straight back to the attackers' command-and-control server.
Lazarus continues to use tricky tactics similar to their past methods, such as acting as fake recruiters back in December 2023. They lure victims with interesting tasks like coding challenges, allowing the hackers to gain remote access to their networks without the victims even knowing.
The group's activity is not limited to manipulation on LinkedIn. It is also known for aggressive digital robberies, having stolen over $3 billion in cryptocurrency to date. Its eye-catching thefts include $37 million taken from CoinsPaid.
Joshua Downes


