On-chain sleuth ZachXBT has released a report on the history of the Lazarus Group, the notorious North Korean hacking group responsible for some of the biggest crypto heists in the history of the industry.
The article tracks 25 hacks affecting people and companies in crypto through which Lazarus laundered $200 million of digital assets into fiat between 2020 and 2023.
The Lazarus Group’s $200 Million Money Trail
The analyst examined several six-figure crypto wallet hacks over the past few years, including hacks on several cryptocurrency exchange hot wallets in 2020. This includes $370,000 in Bitcoin (BTC) and Ether (ETH) stolen from the former Canadian exchange Coinberry in August 2020, and $750,000 stolen from CoinMetro in October 2020.
Funds from Coinberry, CoinMetro and others were consolidated into one address in early January and slowly moved through Tornado Cash throughout the month. Tornado Cash is a privacy mixing protocol on Ethereum that has since been sanctioned by the US Treasury Department for allowing money launderers and terrorists to cover their tracks.
ZachXBT managed to track these funds on-chain despite their movement through the mixer, based on the unique characteristics of their withdrawal transfers. Over the next two years, the assets were consolidated with funds from other Lazarus Group heists and then sent to P2P crypto markets such as Paxful and Noones as Tether (USDT).
“374,000 USDT was frozen in November 2023 and an undisclosed amount was frozen on centralized exchanges in Q4 2023,” ZachXBT tweeted Monday. “An additional $3.4 million was frozen by 3 of 4 stablecoin issuers sitting on an address pool.”
Use of Chinese OTC Traders
Lazarus also made multiple transfers to China-based OTC trader Wu Huihui in 2021. It took until April 2023 for the Department of Justice (DOJ) to unseal an indictment against Wu alleging that he had facilitated the payments for the DPRK. ZachXBT said that Chinese OTC traders are a channel Lazarus has historically used to convert crypto to fiat.
“Thousands of people in the space have been directly and indirectly affected by the Lazarus Group’s attacks, and it looks like that number will only continue to rise,” he concluded.
Analysis by Elliptic last year found that Lazarus was behind more than $300 million worth of crypto hacks in 2023 alone. As of September, they had $47 million worth of crypto in their wallets.