North Korean Lazarus Group laundered over $200M in hacked crypto since 2020

As a researcher with extensive experience in the field of crypto and cybersecurity, I find the activities of the Lazarus Group to be both intriguing and alarming. The group’s ability to launder over $200 million worth of stolen crypto between 2020 and 2023 is a testament to their sophistication and tenacity.


As a crypto investor, I’ve heard some alarming news. The notorious Lazarus Group, believed to be backed by the North Korean government, is reportedly responsible for laundering over $200 million in cryptocurrencies stolen between 2020 and 2023.

A notorious gang of hackers is reportedly responsible for laundering more than $200 million in ill-gotten crypto gains from at least 25 successful heists, as revealed in a recent blog post by the anonymous on-chain investigator ZachXBT.

I, as an analyst, can assert that since their inception in 2009, Lazarus Group has gained notoriety for being one of the most prolific crypto hacking organizations. Their exploits have resulted in the theft of a staggering $3 billion in cryptocurrency assets between 2017 and 2023.

North Korean hackers reportedly employed crypto mixing services and decentralized P2P markets to exchange the pilfered digital currency, as per the analysis of ZachXBT.

“Identified accounts at Noones and Paxful (P2P marketplaces) that received funds from the hacks and were used to convert crypto to fiat.”

Based on ZachXBT’s findings, a gang of hackers is believed to have laundered over $44 million in stolen cryptocurrency through the Paxul and Noones peer-to-peer marketplaces. Two specific usernames, “EasyGoatfish351” and “FairJunco470,” have been identified as being involved in this money laundering scheme. These usernames show transactions with deposits and trading volumes consistent with the stolen funds.

According to the investigation’s findings, the stolen funds were transformed into Tether (USDT) stablecoins, which were later exchanged for cash and taken out of the system. The organization has a history of utilizing OTC dealers based in China for converting cryptocurrencies to fiat currencies.

Approximately $374,000 in stolen funds were blocked by Tether in November 2023. Furthermore, three out of every four stablecoin issuers have prevented an extra $3.4 million from being accessed, which are linked to the Lazarus group’s collection of addresses, as reported by ZachXBT.

Lazarus Group stole 17% of hacked crypto in 2023

As a crypto investor, I’d rephrase it as follows: In the year 2023, approximately 17% or $309 million of the total $1.8 billion worth of cryptocurrency lost due to hacks and exploits can be linked back to the Lazarus Group, according to a report by Immunefi published on Dec. 28th.

Back in April, I learned that a notorious North Korean hacking group had devised a new tactic for stealing digital assets. Instead of relying on traditional methods, they started utilizing LinkedIn as their hunting ground. This group, which was identified by the blockchain security analytics firm SlowMist, employed targeted malware attacks to infiltrate unsuspecting victims’ networks and ultimately, swipe their crypto holdings.

The cybercrime organization Lazarus Group played a role in some of the most significant crypto industry thefts, such as the 2022 Ronin Bridge heist, which netted them an estimated $625 million in stolen digital currency.

Read More

2024-04-29 18:17