The North Korean Lazarus Group allegedly laundered $200 million worth of crypto into fiat currency between August 2020 and October 2023, according to an April 29 investigative report by crypto sleuth ZachXBT.
The investigation examined over 25 exploits across various blockchains and traced illicitly gained funds through mixers, peer-to-peer marketplaces, and centralized exchanges to show how the funds were removed from the crypto ecosystem.
North Korean Lazarus Group Implicated in Laundering Over $200 Million in Stolen Cryptocurrency
1/ How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 – 2023
— ZachXBT (@zachxbt) April 29, 2024
According to ZachXBT’s findings, the Lazarus Group has been implicated in laundering more than $200 million worth of stolen cryptocurrency between 2020 and 2023.
These illicit funds were obtained through over 25 crypto hacks allegedly orchestrated by the Lazarus Group, which has gained infamy since its emergence in 2009. The group reportedly stole over $3 billion in crypto assets over the six years leading up to 2023.
“Thousands of people in the space have been impacted directly and indirectly by Lazarus Group attacks, and it seems that number will only continue to increase,” ZachXBT wrote on X.
The North Korean hackers allegedly laundered the stolen digital assets using a combination of crypto mixing services and peer-to-peer (P2P) marketplaces.
The crypto sleuth pointed out that at least $44 million of stolen cryptocurrency has been laundered through the Paxful and Noones P2P marketplaces, utilizing usernames such as “EasyGoatfish351” and “FairJunco470.” These usernames exhibited deposit and trading patterns consistent with the movement of stolen funds.
Further analysis indicates that the hacked funds were predominantly converted into the USDT stablecoin before being exchanged for fiat currencies and subsequently withdrawn. The Lazarus Group has historically relied on over-the-counter traders in China to convert cryptocurrency into fiat currencies.
In November 2023, Tether blacklisted over $374,000 worth of stolen funds associated with the Lazarus Group. Three out of four stablecoin issuers have also reportedly blacklisted an additional $3.4 million sitting in a cluster of addresses linked to Lazarus, as per ZachXBT’s findings.
North Korea-Linked Hacks Account for $2.4 Billion in Cryptocurrency Losses Since 2020
According to data from the United Nations Security Council (UNSC) and DeFiLlama, more than 70% of the cryptocurrency lost to North Korea-linked hacks since 2020 was attributed to exploits involving compromised private keys.
The combined findings indicate that North Korea was implicated in approximately $2.4 billion worth of crypto heists since 2020, with $1.69 billion attributed to thefts resulting from compromised private keys.
🚨 Exposing Lazarus: The Group That Stole $200 Million in Crypto
Lazarus Group Crypto Heists Uncovered
🔰 Who Are They?
➡️ #Lazarus Group, linked to North Korea, known since 2009 for major cyberattacks (e.g., Sony Pictures).
➡️ Shifted focus to crypto-sector from 2020-2023.
➡️… pic.twitter.com/fA5LCST6Yz
— Crypto Patel (@CryptoPatel) April 29, 2024
In a report published last month, the UNSC documented investigations into 58 crypto heists with suspected North Korean involvement dating back to 2017. These hacks amounted to approximately $3 billion, with $700 million stolen during 2023 alone.
Blockchain forensics firm Chainalysis, however, reported a higher figure in January, estimating that North Korea-linked hacks accounted for $1 billion of the $1.7 billion total stolen in 2020. Interestingly, despite increased activity by North Korean hackers in 2023, they absconded with $700 million less than the preceding year.
Approximately $1.7 billion worth of funds were stolen from the cryptocurrency space across 231 hacks. DeFiLlama and UNSC data analysis also revealed a decline in the overall amount of crypto hacked from protocols, dropping to $1.53 billion in 2023 from $3.28 billion in 2022. This trend also contrasts with 2021’s figure of $2.34 billion.
The decrease in losses could signify project security improvements or be influenced by market conditions. Experts caution, however, that hacking volume may surge again with favorable market conditions and the continued growth of the decentralized finance (DeFi) sector.