Lazarus Group Launders Over $200 Million in Stolen Crypto

• Over $200 million in stolen cryptocurrency was laundered by a North Korean group.
• Lazarus Group exploited over 25 vulnerabilities to steal and convert funds.

Blockchain security researcher ZachXBT uncovered a large-scale money laundering operation by the infamous North Korean hacker group, Lazarus Group. According to ZachXBT’s investigation, Lazarus Group managed to launder over $200 million worth of stolen cryptocurrency between August 2020 and October 2023.

This raises serious concerns about the vulnerability of blockchain ecosystems and the challenges of tracking and deterring cyberattacks from state-backed actors.

Lazarus Group’s Elaborate Laundering Scheme

The investigation revealed that the Group targeted over 25 vulnerabilities across various blockchains to steal cryptocurrencies. The stolen funds were then funnelled through a complex network of cryptocurrency mixers, peer-to-peer marketplaces (P2P), and centralized exchanges. This multi-layered approach aimed to obfuscate the origin of the funds and make them difficult to trace.

ZachXBT identified specific accounts on P2P platforms like Noones and Paxful that were allegedly used by Lazarus Group to convert stolen cryptocurrencies into fiat money. These accounts, identified as “EasyGoatfish351” and “FairJunco470,” reportedly received a significant amount of stolen funds and displayed trading volumes consistent with laundering activities.

The laundered funds were reportedly first converted into Tether (USDT), a stablecoin pegged to the US dollar, before being withdrawn as cash. Historically, Lazarus Group is believed to have relied on over-the-counter (OTC) traders based in China to convert cryptocurrencies into fiat. 

However, recent actions by Tether and other stablecoin issuers are making it more difficult for the group to operate. In November 2023, Tether blacklisted over $374,000 worth of stolen funds linked to Lazarus Group. Additionally, ZachXBT reports that three other stablecoin issuers have blacklisted an additional $3.4 million associated with the group’s activities.

Lazarus Group: A Persistent Threat to Blockchain Security

Lazarus Group is considered one of the most notorious hacker groups targeting cryptocurrency platforms. They are estimated to have stolen over $3 billion in crypto assets in the six years leading up to 2023. The group has been linked to several high-profile cyberattacks, including the $625 million Ronin Bridge hack in 2022 and the $100 million Harmony bridge exploit in 2023.

The Lazarus Group’s latest laundering operation highlights the critical need for enhanced security measures within the blockchain industry.

Crypto exchanges and service providers must prioritize robust cybersecurity protocols to mitigate vulnerabilities and deter cyberattacks. Collaboration between industry players, law enforcement agencies, and international organizations is crucial to disrupt the activities of state-backed hacker groups and protect the integrity of the cryptocurrency ecosystem.