Disclosure
Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.
Uncovering Lazarus Group's $200m Cryptocurrency Laundering Scheme

The Lazarus Group, a band of North Korean hackers, was recently found to have turned over $200 million in stolen cryptocurrency into regular money.

This discovery was made by an on-chain analyst known as ZachXBT, who shed light on the cunning methods the group uses to hide its ill-gotten gains and change them into ordinary cash.

Lazarus Group’s crypto crime wave

Well-known in the crypto world for its cybercrime activities, the group has engaged in several major attacks on different blockchain networks from August 2020 to October 2023.

Hackers managed to infiltrate accounts from Stake.com and take $622 million from a Ronin gaming network. The result of these actions was the theft of over $2 billion in virtual assets.

The group used popular mixing services like Tornado Cash and ChipMixer to hide the tracks of the stolen funds.

The Lazarus Group figured out they could mingle transactions with other tokens and addresses, effectively hiding where the stolen cryptocurrency was coming from and going.

They used bitcoin peer-to-peer exchanges such as Noones and Paxful to turn the stolen money into regular currency. These P2P platforms allow for trading without an exchange clerk, thus providing a certain level of anonymity.

Collaborations between industry players and platforms like Binance and MetaMask made it simpler to tie accounts to Lazarus Group’s actions. ZachXBT was able to trace links between more than 50 accounts.

These accounts held almost $44 million from Lazarus’s hacked accounts. The stolen cryptocurrency was then successfully turned into everyday, ‘real-world’ cash.

Further details emerged about the actions taken within the crypto community to hinder Lazarus Group’s unlawful activities. In November 2023, Tether – the issuer of USDT – blacklisted 374,000 USDT.

Concerns over the reliability of centralized exchanges led to a freeze on certain funds in the last three months of 2023, with the exact amounts remaining unclear. Additionally, three stablecoin issuers have contributed an extra $3.4 million and added 12 Lazarus Group-associated targets to their blacklist.

The Lazarus Group’s intricate network calls for ongoing scrutiny. These events highlight the necessity for the crypto industry to unite against crime, money laundering, and other illicit endeavors.

ZachXBT highlights the extensive impact of Lazarus Group attacks on several thousands of people in the digital realm. Furthermore, he underlines that the number of victims will likely continue to grow.

Read More: Indian police dismantle local gang behind recent 1.5M crypto scams in Odisha

Lazarus Group’s deceptive crypto malware tactics

The notorious North Korean hacking group, Lazarus, has turned their focus towards cryptocurrency firms.

They’re using cunning malware strategies via LinkedIn, pretending to be blockchain developers seeking crypto-related work. This news follows a warning from SlowMist, a firm specializing in blockchain security.

The cybersecurity firm, SlowMist, revealed that Lazarus follows a crafty strategy where they prey on naive LinkedIn users. They initiate the interaction with job-related queries to trick victims into disclosing personal details.

As the conversation unfolds, the victims are lured into downloading an innocent-looking piece of code, which they are told is for resolving technical issues.

Yet, underneath this seemingly harmless process, there’s a dangerous purpose. This innocent-looking code cleverly hides abilities to swipe money and private data from its victims.

The malware operates on a repeating clock, set to go off at certain times. Its main job? Stealing data from anyone it can, sending the stolen goods straight back to the hacker’s control center.

Lazarus continues to use tricky tactics similar to their past methods, such as acting as fake recruiters back in December 2023. They lure victims with interesting tasks like coding challenges, allowing the hackers to gain remote access to their networks without the victims even knowing.

The group isn’t just involved in manipulation on LinkedIn. They’re also known for aggressive digital robberies, having stolen over $3 billion in cryptocurrency to date. Some of their eye-catching thefts include taking $37 million from CoinPaid.