Daily Crypto News & Musings

Lazarus Group Moves $3.76M in Bitcoin, Using Mixers to Launder Funds

Lazarus Group Shifts $3.76M in Bitcoin, Signals Laundering Efforts

The Lazarus Group, a notorious North Korean hacking outfit, has moved approximately $3.76 million in Bitcoin to five unknown wallet addresses. This action follows their recent hack of the Bybit cryptocurrency exchange, which resulted in a staggering $1.4 billion loss.

  • Lazarus Group transferred 44.07 BTC to five unknown addresses.
  • Current Bitcoin holdings stand at 13,444 BTC, valued at $1.15 billion.
  • The group used Bitcoin mixers to obscure the funds.

Active since at least 2009, the Lazarus Group is no stranger to cybercrime, having targeted various entities, from the South Korean government to global cryptocurrency platforms. Their latest heist on the Bybit exchange marks one of the largest crypto thefts ever recorded.

On March 20, starting at 9:18 AM UTC, the Lazarus Group initiated a series of transactions, moving 44.07 BTC, valued at $3.76 million, to five different unknown wallet addresses. This maneuver reduced their total Bitcoin stash to 13,441 BTC, still a hefty sum worth approximately $1.15 billion. But Bitcoin isn’t the only cryptocurrency in their arsenal; their wallet also holds significant amounts of other digital assets, including 13,658 ETH ($27 million), $3.17 million in BNB, various stablecoins like BUSD, USDT, and USDC, and even $288,870 in Baby Doge Coin (BABYDOGE).

Bybit’s CEO, Ben Zhou, offered insights into the ongoing efforts to track the stolen funds:

“88.87% of the stolen funds from the exchange is still traceable through on-chain data.”

Zhou further revealed that around 86.29% of the stolen funds, equivalent to $1.23 billion, have been converted into 12,836 Bitcoin and spread across as many as 9,117 wallets. However, the Lazarus Group isn’t making it easy, as Zhou also noted:

“The hackers have been using Bitcoin mixers to scramble the transaction history, making the stolen funds even harder to track.”

Bitcoin mixers, or tumblers, are services designed to anonymize cryptocurrency transactions by mixing them with others. This makes it extremely difficult to trace the origin and destination of the funds. The Lazarus Group’s use of these mixers highlights their sophisticated approach to laundering, a constant game of hide and seek with law enforcement and blockchain analysts.

Dr. Tom Robinson from Elliptic emphasizes the group’s cunning, stating that they are “near-constantly working to obscure the money trail.” Meanwhile, Dr. Dorit Dor from Check Point notes that North Korea’s closed economy drives their reliance on hacking and laundering as a successful industry, providing a chilling backdrop to the Lazarus Group’s operations.

The historical context of the Lazarus Group’s activities is equally important. From the UpBit hack in 2019, which saw $48.5 million in Ethereum stolen, to the Ronin Bridge attack in 2022, which resulted in a loss of $625 million, the group has left a trail of significant heists. These actions not only fund North Korea’s military and nuclear development but also highlight the vulnerabilities in the crypto ecosystem.

The Lazarus Group’s actions underscore the dual nature of cryptocurrency: a tool for financial liberation and a target for exploitation. While Bitcoin and blockchain technology offer unprecedented freedom and potential for disrupting the financial status quo, they also open the door to sophisticated cybercrimes that challenge the security measures in place.

Bitcoin maximalists argue that the decentralized nature of Bitcoin is its greatest strength, yet the use of Bitcoin mixers by groups like Lazarus shows how this same decentralization can be exploited. On the flip side, altcoins and other blockchains like Ethereum provide unique functionalities and niches that Bitcoin alone cannot fill, such as smart contracts and decentralized applications, which also present new security challenges.

As we champion the principles of decentralization, privacy, and effective accelerationism, it’s crucial to remain aware of the dark sides of this revolution. The Lazarus Group’s activities serve as a reminder of the need for continuous innovation in blockchain security and the importance of vigilance in the face of such threats.

Key Takeaways and Questions

  • What is the Lazarus Group, and why are they significant in the cryptocurrency space?

    The Lazarus Group is a North Korean state-sponsored hacking organization active since at least 2009. They are significant due to their involvement in major cybercrimes, including the recent Bybit hack, which resulted in one of the largest cryptocurrency thefts recorded.

  • How much Bitcoin did the Lazarus Group transfer, and what is the current value of their Bitcoin holdings?

    The Lazarus Group transferred 44.07 BTC, worth approximately $3.76 million, to five different unknown wallet addresses. Their current Bitcoin holdings stand at 13,441 BTC, valued at around $1.15 billion.

  • What is the purpose of the Lazarus Group’s Bitcoin transfers?

    The transfers are believed to be part of a laundering effort to make the funds more difficult to trace.

  • What other cryptocurrencies does the Lazarus Group hold, and what are their values?

    The group holds 13,658 ETH ($27 million), $3.17 million in BNB, $706,400 in DAI, $288,870 in BABYDOGE, and various stablecoins like BUSD, USDT, and USDC.

  • What did Bybit’s CEO say about the traceability of the stolen funds?

    Bybit’s CEO, Ben Zhou, stated that 88.87% of the stolen funds are still traceable through on-chain data, with 86.29% converted into Bitcoin and spread across multiple wallets.

  • How are the hackers obscuring the stolen funds?

    The hackers are using Bitcoin mixers to scramble the transaction history, making the stolen funds harder to track.