- Recent data reveals that the North Korean hacking collective Lazarus Group holds around $47 million in cryptocurrency, most of which is in Bitcoin.
- The group does not hold any privacy coins that are notably much harder to trace.
- The group is one of crypto’s most prolific hackers, allegedly responsible for stealing $200 million worth of assets as reported by the US FBI.
North Korean Lazarus Group holds over $40M in Bitcoin
According to the data collected by Dune Analytics from 21.Co which is the parent company of 21Shares, the crypto wallets linked with the Lazarus Group currently hold around $47 million worth of digital assets, including $42.5 million in BTC, $1.9 million in Ether (ETH $1,579), $1.1 million in BNB (BNB $209) and an additional $640,000 in stablecoins, primarily Binance USD (BUSD $1.00).
However, the amount of crypto held appears to have dropped from the $86 million the group held on September 6, a few days after the Stake.com hack in which Lazarus was implicated.
The Dune dashboard tracks 295 wallets identified by the United States Federal Bureau of Investigation (FBI) and Office of Foreign Assets Control (OFAC) as being owned by the hacking group, it noted.
The most recent transactions dated September 20 show that the Lazarus crypto wallets are still very active.
21.co also noted that the group’s holdings are likely to be much higher than what has been reported. It stated:
“We should note that this is a lower-bound estimation of Lazarus Group’s crypto holdings based on publicly available information.”
The Lazarus Group carried out the attack on crypto exchange CoinEx, which lost at least $55 million, according to reports from Cointelegraph on September 13.
The report estimates that North Korea’s Lazarus is responsible for the theft of almost $240 million in crypto in just the past 104 days alone. The report further revealed that some of the funds stolen from CoinEx were sent to an address that was used by the Lazarus group to launder funds stolen from the Drake-backed crypto casio Stake.com, albeit on a different blockchain.
The findings corroborated those of on-chain sleuth ZachXBT, who on the same day, said on Twitter that the CoinEx hacker had “accidentally connected their address” to the Stake hack.
The hacker then moved stolen funds to Ethereum using a bridge previously used by Lazarus, before transferring them to a wallet address known to be controlled by the hacker. A substantial portion of funds originated from the Tron and Polygon blockchains.
The US Federal Bureau of Investigation (FBI), on August 22, 2023, issued an alert, cautioning about North Korean hackers possibly trying to cash out bitcoin valued at over $40 million.
To aid in this surveillance, the FBI disclosed six specific Bitcoin (BTC) addresses linked to these funds:
The FBI had extensive findings and concerns that showed that the hacking factions from the Democratic People’s Republic of Korea (DPRK) were behind multiple crypto security breaches this year.
According to the Agency:
“The DPRK Trader-Traitor-affiliated actors were responsible for several high-profile international cryptocurrency heists to include the $60 million theft of virtual currency from Alphapo on June 22, 2023; the $37 million theft of virtual currency from Coinspaid on June 22, 2023; and the $100 million theft of virtual currency from Atomic Wallet on June 2, 2023.”
The Agency went ahead last week and warned of “significant risk” for potential attacks on U.S. healthcare and public health sector entities by Lazarus Group.