
U.S. takes legal steps to seize stolen crypto from North Korean hackers

In this post:

  • The U.S. government is taking steps to seize $2.67 million in stolen crypto from North Korean hackers tied to the Lazarus Group.
  • Lazarus stole $1.7 million from Deribit in 2022 and $970,000 from Stake.com in 2023, laundering the funds through Tornado Cash.
  • The group has been responsible for stealing up to $4.1 billion in crypto since 2017, with the U.S. government tracking its moves.

The United States is coming after North Korean hackers who stole over $2.67 million in crypto. On October 4, the government filed two complaints to seize this stolen crypto.

The target? The infamous Lazarus Group, a hacking crew linked to the North Korean government. The funds in question were swiped in two big crypto heists: $1.7 million in USDT from the 2022 Deribit hack and $970,000 worth of Avalanche-bridged Bitcoin (BTC.b) from Stake.com in 2023.

The Lazarus lore

The Lazarus Group has been hacking companies and stealing millions since at least 2009.

It started with high-profile attacks like the 2014 Sony Pictures hack and the 2016 Bangladesh Bank heist. Now, its focus is on crypto. 

Analysts estimate that since 2017, the group has taken between $3 billion and $4.1 billion from crypto companies.

The Deribit hack was classic Lazarus Group. It breached a hot wallet and siphoned off $28 million in crypto. After grabbing the funds, it used Tornado Cash to hide its tracks.

The Lazarus Group then moved the crypto through several Ethereum addresses to make things even harder to track.

Even though the group used mixers and multiple addresses, law enforcement stayed on its tail. Now, authorities want to recover at least $1.7 million of the stolen USDT.


Track record in crypto theft

Lazarus Group, also known as APT38 or Bluenoroff, is notorious for its cyberattacks and crypto heists. The group is highly skilled, with tailor-made tools for each target. 

What’s shocking is the sheer scale of the group’s operations. Reports from analytics firms like Chainalysis and TRM Labs show just how much damage the hackers have done.

They estimate Lazarus has stolen between $3 billion and $4.1 billion since 2017, mostly from exchanges. In August 2023, the group took control of Steadefi’s deployer wallet and drained $1.2 million in crypto.

This attack was social engineering at its finest. A Steadefi team member downloaded a malicious file from someone posing as a fund manager on Telegram.

In another attack, the Coinshift platform lost over $900,000 in Ethereum (ETH), and just like with Deribit, Steadefi and the rest, the hackers laundered the stolen crypto through Tornado Cash.

What’s even more interesting is how fast they operate. On August 23, the attackers from both the Steadefi and Coinshift hacks made deposits into the Tornado Cash 100 ETH pool within mere minutes of each other.

Once they convert the funds into stablecoins, the Lazarus hackers use peer-to-peer (P2P) exchanges to turn the stolen crypto into cash.


Paxful and Noones, two popular P2P platforms, were key parts of their process. According to the U.S. complaints, Lazarus Group’s Paxful deposit address (0x2465) has been involved in multiple hacks, including those targeting EasyFi, Bondly, and Nexus Mutual.

In response to these hacks, several actions have been taken to lock down the stolen funds. In November 2023, Tether blacklisted $374,000 in USDT connected to Lazarus.

At the same time, other centralized exchanges froze an undisclosed amount of crypto. By Q4 2023, three out of four major stablecoin issuers had blacklisted a total of $3.4 million linked to Lazarus.

However, despite these efforts, Lazarus continues to evolve and adapt, making it a persistent threat in the industry.
