Blockchain investigator ZachXBT has revealed seven wallet addresses connected to the North Korean hacking group Lazarus, which contain a total of 891.13 Bitcoin (BTC). These addresses were shared on X on May 21, following ZachXBT’s previous research that led to $3.8 million in frozen digital assets. As of now, the identified wallets still hold the flagged amounts.
On April 29, ZachXBT published an extensive analysis showing how Lazarus laundered $200 million from over 25 hacks since 2020. The investigation discovered that the hackers used peer-to-peer (P2P) marketplaces and crypto-mixing services to convert the stolen crypto into fiat.
Within this process, ZachXBT found that at least $44 million was laundered using the Paxul and Noones P2P platforms, with usernames “EasyGoatfish351” and “FairJunco470” associated with deposits and trading volumes matching the stolen funds. Additionally, the stolen digital assets were converted into Tether (USDT) before being exchanged for fiat and withdrawn.
Earlier this year, after a period of inactivity, the Lazarus Group resumed its operations. On January 8, the hackers transferred $1.2 million worth of stolen digital assets from a mixer to an inactive wallet. They then moved 27.37 BTC, valued at $1.2 million at the time, in two transfers from the crypto mixer. After withdrawing the funds, they sent 3.343 BTC, worth $150,582, to a previously used address.
On April 24, the hackers utilized the professional social media platform LinkedIn to target vulnerable users through malware attacks. Blockchain security firm Slowmist flagged the attack, revealing that the Lazarus Group hackers posed as applicants for blockchain developer jobs to gain access to confidential employee credentials.
The Lazarus Group continues to be a prominent criminal organization focusing on the crypto space. Over the past six years leading up to 2023, they have stolen more than $3 billion in digital assets. The $1.7 billion stolen in 2022 alone exceeds North Korea’s annual income from exports by nearly tenfold.
Magazine: Lazarus Group’s preferred exploit revealed – Analysis of crypto hacks.