North Korean Lazarus Group has laundered over $200M in hacked crypto since 2020

The Lazarus Group, the infamous North Korean state-backed hackers, laundered over $200 million worth of stolen crypto between 2020 and 2023.

The funds were stolen from over 25 crypto hacks, according to pseudonymous on-chain researcher ZachXBT’s April 29 X post.

Lazarus is among the most notorious groups of crypto hackers and first emerged in 2009. In total, the Lazarus Group stole over $3 billion in crypto assets in the six years leading up to 2023.

The North Korean hackers used a combination of crypto mixing services and peer-to-peer (P2P) marketplaces to convert the stolen digital assets, according to ZachXBT:

“Identified accounts at Noones and Paxful (P2P marketplaces) that received funds from the hacks and were used to convert crypto to fiat.”

According to ZachXBT, the group of hackers has laundered at least $44 million worth of stolen crypto through the Paxul and Noones peer-to-peer marketplaces, using two usernames identified as “EasyGoatfish351” and “FairJunco470.” These usernames display deposits and trading volumes in line with the stolen funds.

Stolen funds flow. Source: ZachXBT

The analysis further indicates that the hacked funds were converted into the USDT (USDT) stablecoin before being exchanged for cash and withdrawn. The group has historically relied on China-based over-the-counter traders for crypto-to-fiat conversions.

Over $374,000 worth of stolen funds were blacklisted by Tether in November 2023, while three out of four stablecoin issuers have blacklisted an additional $3.4 million sitting in a cluster of addresses associated with Lazarus, according to ZachXBT.

Related: DeFi platform Hedgey Finance hit by $44 million exploit

Lazarus Group stole 17% of hacked crypto in 2023

Over $309 million, or 17% of the total stolen funds in 2023, are attributed to the Lazarus Group. 2023 saw over $1.8 billion worth of crypto lost to hacks and exploits, according to a Dec. 28 report by Immunefi.

Earlier in April, the North Korean hacker group was using LinkedIn to steal digital assets with targeted malware attacks, blockchain security analytics firm SlowMist reported.

Lazarus Group was behind some of the biggest heists in the crypto industry, including the 2022 Ronin Bridge hack that resulted in $625 million worth of stolen cryptocurrency.

Magazine: 7 ICO alternatives for blockchain fundraising: Crypto airdrops, IDOs & more


Please enter CoinGecko Free Api Key to get this plugin works.