North Korean Lazarus Group laundered over $200M in hacked crypto since 2020

Share via:


Lazarus Group, the infamous North Korean state-backed hackers, has laundered over $200 million worth of stolen crypto between 2020 and 2023.

The infamous group of hackers managed to launder over $200 million worth of stolen funds from over 25 crypto hacks, according to pseudonymous on-chain researcher ZachXBT’s April 29 X post.

Lazarus is among the most notorious groups of crypto hackers that first emerged in 2009. In total, the Lazarus Group has stolen over $3 billion in crypto assets in the six years leading up to 2023.

The North Korean hackers used a combination of crypto mixing services and peer-to-peer (P2P) marketplaces to convert the stolen digital asset, according to ZachXBT:

“Identified accounts at Noones and Paxful (P2P marketplaces) that received funds from the hacks and were used to convert crypto to fiat.”

According to ZachXBT, the group of hackers has laundered at least $44 million worth of stolen crypto through Paxul and Noones P2P marketplaces, using two usernames identified as “EasyGoatfish351” and “FairJunco470.” These usernames display deposits and trading volumes in line with the stolen funds.

Stolen funds flow. Source: ZachXBT

The analysis further indicates that the hacked funds were converted into the USDT (USDT) stablecoin, before being exchanged for cash and withdrawn. The group has historically relied on China-based over-the-counter (OTC) traders for crypto-to-fiat conversions.

Over $374,000 worth of stolen funds were blacklisted by Tether in November 2023, while three out of four stablecoin issuers have blacklisted an additional $3.4 million sitting in a cluster of addresses associated with Lazarus, according to ZachXBT.

Related: DeFi platform Hedgey Finance hit by $44 million exploit

Lazarus Group stole 17% of hacked crypto in 2023

Over $309 million, or 17% of the total stolen funds in 2023 are attributed to the Lazarus Group. 2023 saw over $1.8 billion worth of crypto lost to hacks and exploits, according to a Dec. 28 report by Immunefi.

Earlier in April, the North Korean hacker group had been using LinkedIn to steal digital assets using targeted malware attacks, blockchain security analytics firm SlowMist.

Lazarus Group was behind some of the biggest heists in the crypto industry, including the 2022 Ronin Bridge hack, that resulted in $625 million worth of stolen cryptocurrency.

Bitcoin conference and a bad trip to North Korea | Crypto Stories Ep. 10. Source: Cointelegraph

Magazine: 7 ICO alternatives for blockchain fundraising: Crypto airdrops, IDOs & more