Lazarus Group has been linked to multiple hacks in the crypto space in recent years. Bybit/flickr.com

KEY POINTS

  • Lazarus first consolidated the stolen funds into one address earlier this year
  • The consolidated funds were moved slowly through crypto mixing tool Tornado Cash
  • Finally, Lazarus sent the 'mixed' funds to P2P marketplaces where they were converted into fiat

A prominent cryptocurrency and blockchain security researcher has published a lengthy and very detailed report into how Lazarus Group, the notorious North Korea-linked hacking group tied to multiple exploits in the digital assets space, laundered some $200 million in stolen cryptocurrencies into fiat during a three-year period.

ZachXBT, known for his extensive research into crypto-related hacks and scams over the past years, has just dropped an in-depth report on Lazarus Group, closely following more than 25 hacks carried out by the hacking team between August 2020 and October 2023.

The blockchain researcher traced more than 25 "connected hacks across multiple blockchains and through mixers to centralized exchanges."

Among the monitored hacks was the exploit of Canadian exchange CoinBerry in August 2020, wherein some $370,000 worth of Bitcoin (BTC) and Ether (ETH) were pilfered. Another exploit linked to Lazarus Group was that of a low-code blockchain solution, which lost $400,000 to unauthorized transfers.

A massive hack linked to the North Korean hackers was that of crypto exchange CoinMetro, which lost $750,000 in digital assets due to a security breach.

Funds stolen in these hacks and in other exploits through October 2023 were consolidated into one address earlier this year. The funds were then moved gradually through cryptocurrency mixer Tornado Cash throughout January. The stolen funds were then sent to peer-to-peer marketplaces such as Noones and Paxful, which the hacking group used to convert crypto into fiat.

"Thousands of people in the space have been impacted directly and indirectly by Lazarus Group attacks and it seems that number will only continue to increase," ZachXBT warned to conclude his investigation.

Many crypto users lauded ZachXBT for the effort he put in, 15 months of tracking the funds' movements, to assemble an extensive report that revealed the tactics used by the notorious hackers.

One user asked ZachXBT how Lazarus Group actually pushed the stolen digital assets into centralized exchanges. He explained that it gets difficult to detect pilfered funds when they're run through multiple mixers and exchanges before cashing out.

At least one X (formerly Twitter) user expressed concern about whether ZachXBT gets paid for the incredible work he puts into his investigations. The well-known crypto sleuth said he receives grants and donations "from time to time," but for his Lazarus Group probe, "no one" sponsored his research.

Meanwhile, Tornado Cash, through which a whopping $1 billion in "criminal proceeds" from Lazarus passed, faces a complaint in the U.S. over the crypto mixing tool's alleged facilitation of illicit funds linked to the hacking group.