North Korea’s Lazarus Group Laundered $200M from 25+ Crypto Hacks: ZachXBT

Lazarus Group, a hacking organization with ties to the North Korean government dating back to 2009, has allegedly laundered over $200 million stolen from more than 25 cryptocurrency hacks.
The hacks occurred between August 2020 and October 2023, according to research by on-chain sleuth ZachXBT.
By tracing funds across multiple blockchains and through crypto mixing services, ZachXBT linked the hacks to Lazarus Group-controlled accounts at peer-to-peer marketplaces Noones and Paxful. The hackers used these marketplaces to convert the illicit crypto into fiat currency.
Key findings:
- 25+ connected hacks have been identified across various blockchains.
- Stolen funds were laundered via mixers to accounts at P2P exchanges Noones and Paxful.
- $374,000 in Tether (USDT) was frozen in November 2023.
- Undisclosed funds were frozen in regulated exchanges in Q4 2023.
- An additional $3.4 million in stablecoins has been frozen across groups of addresses.
Lazarus Group has largely shifted focus to crypto industry

Lazarus Group, also known as Bluenoroff or APT38, has a long history of financially-motivated cyber attacks. The group rose to prominence following high-profile incidents like the 2014 Sony Pictures hack and the $81 million Bangladesh Bank heist in 2016. In recent years, their focus has shifted to the lucrative cryptocurrency industry.
According to annual reports from blockchain analytics firms TRM and Chainalysis, the Lazarus Group has been responsible for stealing an estimated $3–4.1 billion in crypto assets since 2017. This latest research sheds light on their changing money laundering tactics, leveraging P2P platforms to cash out stolen funds.
The Lazarus Group employs a complex web of transactions to conceal the origin of the stolen funds through a series of intermediary addresses and mixing services. This jumbles funds from multiple sources, making tracking more difficult.