US Seeks to Seize Close to $2.7 Million in Stolen Assets
Two recent forfeiture actions initiated by the US Attorney for the District of Columbia have shed new light on the money laundering tactics employed by North Korean crypto hackers.
The US government is attempting to seize approximately $2.67 million in stolen cryptocurrency from two significant hacks.
According to the legal filings, the government seeks to recover about $1.7 million in Tether (USDT) that was traced through the Tornado Cash mixer.
This sum is part of the $28 million stolen by the North Korean-linked Lazarus Group from the crypto options exchange Deribit in November 2022.
The hackers breached a Deribit hot wallet and then passed the funds through the Tornado Cash mixer and various Ethereum addresses in an effort to evade detection.
Additionally, US law enforcement officials have filed to recover roughly $970,000 in Avalanche-bridged Bitcoin (BTC.b) stolen in the Lazarus Group's 2023 hack of the Stake.com gambling platform.
This attack resulted in losses exceeding $41 million for Stake.com.
The Deribit Hack in November 2022
The first filing details how the Lazarus Group laundered funds stolen in the Deribit hack through the crypto mixer Tornado Cash, a service currently under scrutiny in a high-profile money laundering trial.
Law enforcement has successfully traced portions of the $28 million laundered in this operation, which began when North Korean hackers infiltrated Deribit's hot wallet server.
They converted stolen assets into Ethereum, funneled them through Tornado Cash, and ultimately transformed them into Tether stablecoins on the Tron blockchain, as illustrated in a diagram within the filing.
Investigators linked the laundering wallets by analysing behavioural patterns among a set of Ethereum addresses: the wallets received transfers within minutes of each other, routed value through the same cross-chain bridges, and drew their transaction (gas) fees from a common funding source.
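The three heuristics in the paragraph above (receipt timing, shared bridge, common gas-funding source) are the kind of clustering signals a blockchain analyst scores pairwise and then unions into address clusters. The following is an added example, not code from the filing, the article or any analytics vendor: all addresses, timestamps, bridge labels and the `kind` field on each record are constructed for illustration, and the `gas` kind stands in for a plain ETH top-up that in practice would be identified from the transaction's value and the recipient's subsequent outbound activity.

```python
"""Pairwise wallet-linking heuristics over constructed Ethereum transfer records.

Scores every pair of candidate wallets on three signals, then clusters pairs
whose score meets a threshold. Constructed sample data, not real chain data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one record per observed transaction.
# kind: "transfer" = inbound value, "gas" = ETH top-up for fees,
#       "bridge"  = call to a cross-chain bridge contract (hypothetical labels).
SAMPLE_TXS = [
    # Three wallets receive value within minutes of each other.
    {"time": "2022-11-02T00:00:00", "from": "0xsrc", "to": "0xA1", "kind": "transfer"},
    {"time": "2022-11-02T00:03:00", "from": "0xsrc", "to": "0xA2", "kind": "transfer"},
    {"time": "2022-11-02T00:05:00", "from": "0xsrc", "to": "0xA3", "kind": "transfer"},
    # All three get gas from the same funding wallet.
    {"time": "2022-11-02T00:10:00", "from": "0xgasfund", "to": "0xA1", "kind": "gas"},
    {"time": "2022-11-02T00:11:00", "from": "0xgasfund", "to": "0xA2", "kind": "gas"},
    {"time": "2022-11-02T00:12:00", "from": "0xgasfund", "to": "0xA3", "kind": "gas"},
    # All three use the same bridge contract.
    {"time": "2022-11-02T00:20:00", "from": "0xA1", "to": "0xbridgeX", "kind": "bridge"},
    {"time": "2022-11-02T00:21:00", "from": "0xA2", "to": "0xbridgeX", "kind": "bridge"},
    {"time": "2022-11-02T00:22:00", "from": "0xA3", "to": "0xbridgeX", "kind": "bridge"},
    # Unrelated wallet: different timing, gas source and bridge.
    {"time": "2022-11-02T06:00:00", "from": "0xother", "to": "0xB1", "kind": "transfer"},
    {"time": "2022-11-02T06:05:00", "from": "0xexchange", "to": "0xB1", "kind": "gas"},
    {"time": "2022-11-02T06:30:00", "from": "0xB1", "to": "0xbridgeY", "kind": "bridge"},
    # Coincidental wallet: shares only the timing signal with the A group.
    {"time": "2022-11-02T00:04:00", "from": "0xrandom", "to": "0xC1", "kind": "transfer"},
]


def pairwise_links(txs, window=timedelta(minutes=10)):
    """Return {(wallet_a, wallet_b): [signals]} for every pair sharing >= 1 signal."""
    inbound = defaultdict(list)  # wallet -> inbound transfer timestamps
    gas_src = defaultdict(set)   # wallet -> addresses that funded its gas
    bridges = defaultdict(set)   # wallet -> bridge contracts it called
    for tx in txs:
        t = datetime.fromisoformat(tx["time"])
        if tx["kind"] == "transfer":
            inbound[tx["to"]].append(t)
        elif tx["kind"] == "gas":
            gas_src[tx["to"]].add(tx["from"])
        elif tx["kind"] == "bridge":
            bridges[tx["from"]].add(tx["to"])

    # Candidate wallets are recipients and bridge callers, not the senders.
    wallets = sorted(set(inbound) | set(gas_src) | set(bridges))
    links = {}
    for i, a in enumerate(wallets):
        for b in wallets[i + 1:]:
            signals = []
            if any(abs(ta - tb) <= window for ta in inbound[a] for tb in inbound[b]):
                signals.append("timing")
            if gas_src[a] & gas_src[b]:
                signals.append("gas_source")
            if bridges[a] & bridges[b]:
                signals.append("bridge")
            if signals:
                links[(a, b)] = signals
    return links


def cluster(links, min_score=2):
    """Union-find over pairs whose signal count meets min_score; drop singletons."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for (a, b), signals in links.items():
        if len(signals) >= min_score:
            parent[find(a)] = find(b)

    groups = defaultdict(set)
    for w in parent:
        groups[find(w)].add(w)
    return sorted((frozenset(g) for g in groups.values() if len(g) > 1), key=sorted)


if __name__ == "__main__":
    links = pairwise_links(SAMPLE_TXS)
    for pair, signals in sorted(links.items()):
        print(pair, signals)
    print("clusters (>=2 signals):", cluster(links))
    print("clusters (>=1 signal): ", cluster(links, min_score=1))
```

With the default threshold of two signals, `0xC1` stays out of the cluster even though it received value within the same ten-minute window as the three laundering wallets; lowering `min_score` to 1 pulls it in, which is the false-positive risk of relying on timing alone.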
The hackers converted their Ethereum holdings to USDT in three separate waves.
The first two waves were partly disrupted when law enforcement froze portions of the funds in transit.
In the third wave the hackers moved the remaining assets through, leaving approximately $1.7 million in USDT frozen across the five wallets named in the filing.
Stake.com Hack Last Year
The second filing addresses the Lazarus Group's $41 million hack of online casino Stake.com and their subsequent attempts to launder the stolen funds in three distinct stages.
Initially, the hackers converted the funds into Bitcoin (BTC) using Avalanche's Bitcoin bridge.
They then moved the BTC through mixers Sinbad and Yonmix, before ultimately exchanging it for stablecoins like USDT.
During the first and third stages of this process, law enforcement successfully froze relevant funds, likely through asset freeze requests directed at Avalanche Bridge.
In the first stage, authorities froze assets from seven transactions, which typically involved converting the stolen funds into native tokens such as Polygon's MATIC and Binance Smart Chain's BNB before bridging that value to Bitcoin.
However, despite these interventions, the filing reveals that "the North Koreans were able to transfer the majority of the stolen funds to the BTC blockchain."
Once the funds were on Bitcoin, the hackers utilised mixers Sinbad and Yonmix—services similar to Tornado Cash on Ethereum—to further obscure the flow of the stolen assets.
Although law enforcement was able to trace the movement of the funds through these mixing services, they could only recover an additional 0.099 BTC, valued at approximately $6,270 at current prices, despite identifying the consolidation wallet.
North Korean Lazarus Group Most Likely Culprit
The hacks of Deribit and Stake.com are just a glimpse of the broader range of cyberattacks attributed to North Korea's Lazarus Group.
Onchain analysts suspect that the Lazarus Group was also behind the July 2024 breach of the well-known WazirX exchange, which resulted in a staggering loss of approximately $235 million.
Adding to the concerns, a 15 August report from onchain investigator ZachXBT revealed a network of North Korean developers who have infiltrated at least 25 cryptocurrency projects.
These developers, operating under aliases, gained unauthorised access to various projects, compromising code and looting project treasuries.
ZachXBT noted that the individuals identified in the investigation likely operate as part of a single coordinated entity, raising alarms about the scale and sophistication of these cyber threats.
The Battle Against Crypto Crime Rages On
The US government's recent complaints seeking to seize assets linked to North Korean hackers underscore the persistent struggle against cybercrime, especially within the cryptocurrency realm.
According to PeckShieldAlert, crypto hacks and exploits resulted in losses exceeding $120 million in September 2024, shedding light on the significant vulnerabilities present in the digital asset landscape.
These cases are likely to intensify regulatory scrutiny and raise concerns among investors about the safety of their assets, prompting exchanges and other custodians to reevaluate their hot wallet security and monitoring.