North Korean Lazarus Group Laundered Over $200M From 2020: ZachXBT

For years, the notorious North Korean hackers have actively preyed on the digital-asset sector, stealing millions from crypto-related projects. Despite efforts to bring down the Lazarus Group, the hackers have repeatedly shown their competence in launching malicious attacks.

By tracing numerous exploits attributed to the Lazarus Group, the pseudonymous on-chain researcher ZachXBT has uncovered how the illicit group laundered over $200 million worth of crypto.

Lazarus Group Launders Over $200 Million of Stolen Crypto

ZachXBT noted that the Lazarus Group conducted 25 hacking incidents to steal over $200 million. In the investigation, ZachXBT observed that the reported hacking incidents took place between 2020 and 2023.

The probe found that, after stealing the millions from crypto firms and networks, the Lazarus team used more than one route to convert the stolen assets to fiat. First, the hacking group passed the illicit funds through several crypto mixers.

ZachXBT noted that the Lazarus team preferred crypto mixers to exchanges because these platforms conceal a transaction's origin and destination. The crypto mixers commonly used by the Lazarus Group included Tornado Cash and ChipMixer.

However, because the transactions involved massive amounts, Lazarus used both crypto mixers and peer-to-peer (P2P) marketplaces to avoid being noticed. ZachXBT noted that the hackers opted for P2P exchanges because they do not require any third party to transfer the funds.

Unlike centralized exchanges, P2P exchanges allow individuals to transfer their funds directly to the buyer without involving intermediaries. The investigators noted that Lazarus used the Noones and Paxful exchanges to convert the stolen assets into fiat.

North Korean Illicit Group Intensifies its Hacking Activities

After analyzing the transaction history, the ZachXBT team noted that around $44 million of stolen assets were transferred to the Paxful and Noones exchanges under the usernames “EasyGoatfish351” and “FairJunco470”.

The hackers later converted some of the stolen funds into the dollar-pegged stablecoin USDT. The ZachXBT team noted that the USDT was then converted to cash and withdrawn by the hackers.

Given the case’s complexity, the ZachXBT team collaborated with Binance and MetaMask to trace the transactions made by the Lazarus Group. The ZachXBT findings mirror previous investigations demonstrating how Lazarus laundered its illicit funds.

Regulators Team Up with Crypto Firm to Address Financial Crime

According to an earlier report, the Lazarus team used over-the-counter (OTC) platforms to move their ill-gotten funds. The investigators noted that the hackers preferred China-based OTC traders such as Wu Huihui to convert crypto assets into fiat currency.

The malicious attacks linked to the Lazarus Group have compelled major market players to suspend suspicious transactions. In November, the world’s largest stablecoin issuer by market cap, Tether, froze over $374,000 of stolen crypto assets linked to the Lazarus Group.

The Tether team and other stablecoin issuers also blocked an additional $3.4 million of crypto stolen by the hackers. Despite the efforts to suppress Lazarus’ activities, the hackers have devised a new approach to stealing from firms.

On April 24, the blockchain security firm SlowMist warned the crypto community about Lazarus’ latest move. The SlowMist team noted that the hackers were using LinkedIn to steal from users.

The analyst stated that Lazarus operatives posed on LinkedIn as blockchain developers seeking new opportunities in the crypto industry. The hackers then launched malicious attacks to steal employee credentials and assets through the LinkedIn platform.

The analyst noted that Lazarus has been operating for the last six years. The hacking group has conducted a series of financial crimes to fund the North Korean government’s development of weapons of mass destruction and ballistic missile programs.

The hackers carried out one of the largest hacks in crypto history in 2022 when they exploited the Ronin bridge to steal over $600 million of crypto assets. Reportedly, the Lazarus team has stolen over $3 billion since 2009. In 2023, Lazarus accounted for 17% of the total assets stolen.
