- The North Korean Lazarus Group has laundered over $200 million in hacked crypto since 2020 through a combination of crypto mixers and peer-to-peer marketplaces.
- The group used usernames like “EasyGoatfish351” and “FairJunco470” on P2P platforms Paxful and Noones to convert stolen crypto into USDT stablecoin before cashing out.
- Lazarus Group was responsible for 17% of all crypto hacked in 2023, totaling over $309 million, and has been linked to major heists like the $625 million Ronin Bridge hack in 2022.
The notorious North Korean hacking group Lazarus has laundered over $200 million in cryptocurrency stolen in crypto hacks since 2020, according to new research.
The Lazarus Group
The Lazarus Group is an infamous group of North Korean state-backed hackers that first emerged in 2009. They are among the most notorious groups of crypto hackers and have stolen over $3 billion in crypto assets in the six years leading up to 2023.
Crypto Laundering Techniques
According to research by pseudonymous on-chain analyst ZachXBT, Lazarus used a combination of crypto mixing services and peer-to-peer (P2P) marketplaces to launder the stolen funds.
The analysis identified accounts on the P2P platforms LocalBitcoins and Paxful that received hacked funds and converted crypto to fiat. Two usernames, “EasyGoatfish351” and “FairJunco470,” received and traded volumes in line with the stolen assets.
The hacked funds were converted to Tether (USDT) stablecoins before being exchanged for cash and withdrawn. Lazarus has historically relied on China-based over-the-counter traders for crypto-to-fiat conversions.
Over $374,000 worth of stolen funds were blacklisted by Tether in November 2022, while three out of four stablecoin issuers have blacklisted an additional $34 million associated with Lazarus.
Recent Major Hacks
In 2022, over $309 million, or 17% of the total funds lost to hacks, were attributed to Lazarus. Major heists include the $625 million Ronin Bridge exploit.
Earlier, in April 2023, the group was found using LinkedIn to distribute malware and steal crypto. The North Korean hackers remain a constant threat to the growing crypto industry.