Following an investigation initiated by ZachXBT, stablecoin issuers have frozen nearly $5 million linked to the infamous hacker group Lazarus Group.
Stablecoin Issuers Freeze $5 Million in Lazarus Group Funds
On September 14, on-chain detective ZachXBT released details of an investigation into the Lazarus Group, a notorious hacker group backed by the North Korean government.
1/ How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 - 2023 https://t.co/s8zNFwlamb
— ZachXBT (@zachxbt) April 29, 2024
With the help of experts at MetaMask, Binance, TRM Labs, and Five I's LLC, ZachXBT traced the complex chain of transactions that Lazarus Group routed through P2P trading platforms such as Paxful and Noones to legitimize the stolen funds. The investigation found that the group laundered over $200 million in dirty money from 25 attacks on different protocols between 2020 and 2023.
Summary of 25 Lazarus Group hacks from 2020 to 2023. Source: ZachXBT
The Lazarus Group hackers moved the stolen funds through a common three-step process. First, Lazarus consolidated the stolen funds from the protocol into an intermediary wallet. The funds were then sent to the mixing services Tornado Cash or ChipMixer to obscure the transaction trail. Finally, the group withdrew the funds to various intermediary wallets before sending them to P2P exchanges like Paxful or Noones to convert them into cash or stablecoins.
Lazarus Group's Money Laundering Process in the 2020 CoinMetro Hack
ZachXBT eventually traced two large wallet addresses used by Lazarus Group to store stolen funds from multiple major hacks. Shortly thereafter, the issuers of USDT, USDC, TUSD, and BUSD froze a total of $4.96 million.
Update: As of today all four stablecoin issuers (Paxos, Tether, Techteryx, Circle) have now blacklisted the two addresses below with $4.96M from Lazarus Group.
0x36f2D3871edd59d5C06DB8F0b12bE928d5922A70
0x12ED7f6ed0491678764c2b222A58452926E44DB6
Another $1.65M is frozen at… pic.twitter.com/dZSOltDRy4
— ZachXBT (@zachxbt) September 14, 2024
However, a portion of the laundered funds was used to purchase $720,000 in Dai and $313,000 in Ethereum that cannot currently be frozen, which makes it harder to contain the entire stolen amount.
In addition, another $1.65 million in assets was frozen at multiple exchanges, bringing the total amount frozen in ZachXBT's investigation to $6.98 million.
While other issuers like Tether, Paxos, and Techteryx were quick to freeze funds associated with the organization, ZachXBT himself criticized USDC issuer Circle for taking more than 4.5 months to begin freezing accounts containing the stolen USDC. ZachXBT said:
"It took 4.5 months longer than other major issuers to blacklist Lazarus Group's wallet. It's tiring to see these virtuous statements when the real problem is how Circle handled it."
Fuck Circle Fuck @jerallaire you do not care at all about the ecosystem except extracting from it.
Not once have you ever blacklisted after a DeFi exploit / hack when there was ample time while you continued to profit off the transactions.
You took 4.5 months longer than every… https://t.co/9TFn11UERU
— ZachXBT (@zachxbt) September 14, 2024
The on-chain detective also criticized the Circle team, which has more than 1,000 employees, for not responding to incidents in time to prevent the consequences of the Lazarus Group hacks.
1000+ employees yet no incident response team who blocks after a DeFi or Lazarus Group hack / exploit to protect the ecosystem.
— ZachXBT (@zachxbt) September 14, 2024
Lazarus Group, a hacker group sponsored by the North Korean government, has carried out a series of major attacks targeting cryptocurrency platforms such as Ronin, Orbit Chain, CoinEx, Stake, Atomic Wallet, Harmony, ... and most recently the WazirX exchange in July 2024. It is estimated that this group has pocketed more than 3 billion USD in the past 3 years, according to a report by cybersecurity company Recorded Future.
According to data from Arkham, Lazarus Group's wallet is holding $95.75 million, including $88.54 million worth of Bitcoin (BTC), $3 million of Ethereum (ETH), $2.74 million of BNB Token and many other crypto assets.
Lazarus Group's assets held in wallets captured on September 16, 2024. Source: Arkham Intelligence
The freezing of nearly $7 million is a major success in the fight against global hacker groups like the Lazarus Group. This move not only keeps some of the stolen money out of the criminal group's hands, but also provides valuable information about how the organization operates, opening up opportunities to arrest those behind it and bring them to light.
Coin68 synthesis