In a major development in the crypto space, blockchain investigator ZachXBT identified seven wallet addresses on May 21 containing 891.13 Bitcoin, worth approximately $61 million, linked to the infamous North Korean hacking group Lazarus.
ZachXBT shared these findings on X (formerly Twitter), highlighting the ongoing threat posed by the state-backed hacker group. The revelation follows the investigator’s previous research, which led to the authorities freezing $3.8 million in digital assets.
ZachXBT Identifies Seven More Addresses Linked to Lazarus
As of the latest updates, the flagged wallets still hold the amounts identified by ZachXBT. The usernames “EasyGoatfish351” and “FairJunco470” were noted explicitly for their deposits and trading volumes, which matched the stolen funds. The stolen assets were often exchanged into Tether (USDT) before being converted to fiat and withdrawn.
A few weeks ago I published research on 25 Lazarus Group hacks which resulted in $3.8M frozen.
I am sharing 7 additional wallet addresses which currently hold $61.8M (891 BTC) tied to these hacks.
bc1qw88pehjuejym9jyfgn6vn4aaw7q232hlyzzn6f… https://t.co/k6gSrhdkEb
— ZachXBT (@zachxbt) May 20, 2024
Lazarus Group, known for its cyber heists, resurfaced earlier this year after a period of inactivity. On January 8, they moved $1.2 million in stolen digital assets from a mixer to an inactive wallet, involving two transfers totaling 27.37 Bitcoin. Subsequently, 3.343 BTC worth $150,582 was sent to a previously used address.
The group also employed social engineering tactics, using LinkedIn to target vulnerable users with malware attacks. Blockchain security firm Slowmist flagged these attacks, noting that the hackers pretended to apply for blockchain developer jobs to gain access to confidential employee credentials.
Over $200 Million Laundered By North Korean Hacking Group Lazarus
The discovery of seven more addresses comes after an in-depth analysis published by ZachXBT on April 29, detailing how Lazarus laundered $200 million from over 25 hacks since 2020. The investigation revealed that the exploits spanned various blockchains and that the group used crypto-mixing services and peer-to-peer marketplaces to obscure the origins of the stolen funds.
The Lazarus Group, infamous for its hacking activities since 2009, reportedly stole over $3 billion in crypto assets over the six years leading up to 2023, directly and indirectly impacting thousands of individuals. The laundered funds were primarily converted into USDT stablecoin before being exchanged for fiat currencies, often through over-the-counter traders in China.
Notably, $44 million of the stolen cryptocurrency was laundered through Paxful and Noones P2P marketplaces using specific usernames. In response, Tether blacklisted over $374,000 worth of stolen funds linked to the group, and other stablecoin issuers blacklisted an additional $3.4 million.
The United Nations Security Council (UNSC) and DeFiLlama data indicate North Korea has been involved in $2.4 billion worth of crypto heists since 2020, with a significant portion attributed to compromised private keys.
Despite the increased hacking activity by North Korean groups in 2023, they stole $700 million less than in 2022. The reduction in losses might reflect improved project security and market conditions. However, experts warn that hacking activity could surge again with favorable market conditions and the continued expansion of the decentralized finance (DeFi) sector.