Lazarus Exposed: $200M Crypto Laundering Scheme Revealed
A comprehensive report by the anonymous analyst ZachXBT has uncovered the money laundering tactics employed by the North Korean hacking collective, Lazarus Group. The group is estimated to have laundered over $200 million in cryptocurrency stolen from at least 25 hacking incidents between August 2020 and October 2023.
The criminals employed a sophisticated scheme involving numerous mixers, such as Tornado Cash for Ethereum and ChipMixer for Bitcoin. Tools like decentralized exchanges and swappers were utilized to blend digital assets, further obfuscating their origins. ZachXBT’s report spans more than 25 different hacking incidents from August 2020 through October 2023.
Moreover, the hackers extensively used P2P exchanges like Noones and Paxful, which facilitate anonymous asset exchanges between users. According to ZachXBT, these exchanges enabled the group to convert $44 million into fiat currency.
In the fight against cybercrime, ZachXBT has collaborated with leading companies in the cryptocurrency industry. Exchanges like Binance and the popular cryptocurrency wallet MetaMask have assisted in identifying accounts linked to Lazarus.
These findings corroborate previous reports on how North Korean hackers launder money through over-the-counter traders (OTC). One such instance involved the April 2023 arrest of Chinese national Wu Huihui, accused of aiding North Korean authorities, who was subsequently sanctioned by the U.S. government.
Security experts and government officials suspect that the funds generated from these cyberattacks are used to support North Korea’s nuclear program and military development. The country’s increasing reliance on cybercrime as a revenue source is seen as a direct response to international sanctions.
The report underscores the persistent threat posed by state-sponsored hacking groups to the cryptocurrency industry. It highlights the need for continued improvement in security measures and due diligence practices by cryptocurrency platforms and investors alike.
