North Korea’s Lazarus Group Laundered $200M from 25+ Crypto Hacks: ZachXBT

Published: Apr 29, 2024
Written By:
Vignesh Karunanidhi
Milk Road Writer

Lazarus Group, a hacking organization with ties to the North Korean government dating back to 2009, has allegedly laundered over $200 million stolen from more than 25 cryptocurrency hacks.

The hacks occurred between August 2020 and October 2023, according to research by on-chain sleuth ZachXBT.

By tracing funds across multiple blockchains and through crypto mixing services, ZachXBT linked the hacks to Lazarus Group-controlled accounts at peer-to-peer marketplaces Noones and Paxful. The hackers used these marketplaces to convert the illicit crypto into fiat currency.


Key findings:

  • 25+ connected hacks have been identified across various blockchains.
  • Stolen funds were laundered via mixers to accounts at P2P exchanges Noones and Paxful.
  • $374,000 in Tether (USDT) was frozen in November 2023.
  • Undisclosed funds were frozen in regulated exchanges in Q4 2023.
  • An additional $3.4 million in stablecoins has been frozen across groups of addresses.

Lazarus Group has largely shifted focus to crypto industry

Source: ZachXBT

Lazarus Group, also known as Bluenoroff or APT38, has a long history of financially motivated cyber attacks. The group rose to prominence following high-profile incidents like the 2014 Sony Pictures hack and the $81 million Bangladesh Bank heist in 2016. In recent years, their focus has shifted to the lucrative cryptocurrency industry.

According to annual reports from blockchain analytics firms TRM and Chainalysis, the Lazarus Group has been responsible for stealing an estimated $3–4.1 billion in crypto assets since 2017. This latest research sheds light on the group's changing money laundering tactics, including the use of P2P platforms to cash out stolen funds.


The Lazarus Group conceals the origin of the stolen funds by routing them through a complex web of transactions involving a series of intermediary addresses and mixing services. Mixing jumbles funds from multiple sources, making tracking more difficult.

Vignesh Karunanidhi

Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.
