Title: Lazarus Group Involved in Illicit Crypto Laundering Through Cross-Chain Bridges
The notorious Lazarus Group, linked to North Korea, has been responsible for illegally laundering up to $7 billion in cryptocurrency through cross-chain crime. These funds were stolen between July 2022 and July 2023, with the group stealing approximately $900 million of the illicit proceeds. This alarming trend has been highlighted in a recent report by blockchain analytics firm Elliptic.
The Rise of Cross-Chain Crime:
Cross-chain crime is a method of converting crypto assets from one token or blockchain to another, often in rapid succession, to obscure their origin. This technique has become an attractive avenue for money laundering in crypto thefts, serving as an alternative to traditional mixers, which have increasingly come under scrutiny and been subject to seizures and sanctions.
Lazarus Group’s Involvement:
According to data collected by Elliptic, the Lazarus Group has heavily contributed to the significant increase in the transfer of funds through cross-chain services. The group has employed cross-chain bridges to execute their illicit activities, leading to a surge of 111% in the proportion of funds sent via these channels.
The Group’s Activities and Targets:
The Lazarus Group, known for its three-pronged approach encompassing cyber espionage, cyber sabotage, and financial gain, has been responsible for several high-profile attacks. Since June 2023, they have stolen nearly $240 million in cryptocurrency through attacks on platforms such as Atomic Wallet, CoinsPaid, Alphapo, Stake.com, and CoinEx.
A Recognized Money Laundering Typology:
One of the striking aspects of the Lazarus Group’s operations is the constant bridging back-and-forth between blockchains, commonly known as “chain-hopping.” This technique aims to obfuscate the origin of the transferred assets and has now been recognized as a money laundering typology. The repetitive movement of assets within the same blockchain without any legitimate business purpose exposes the intent to obscure their origins.
The Threat Landscape:
The Lazarus Group’s actions highlight the diversity of their campaigns and the unorthodox way they carry them out. Their cyber activities encompass not only financial gains but also cyber espionage and sabotage. To supplement their operations, the group has utilized the Avalanche Bridge, depositing over 9,500 bitcoins and subsequently leveraging cross-chain solutions to further move the stolen assets.
South Korea’s Alert:
As these activities continue to unfold, South Korea’s National Intelligence Service (NIS) has issued a warning regarding North Korea’s attacks, particularly those targeting the shipbuilding sector. The NIS has identified North Korean hacking organizations’ primary methods, including compromising the PCs of IT maintenance companies and distributing phishing emails to internal employees, followed by the installation of malicious code.
The increasing prevalence of cross-chain crime perpetrated by the Lazarus Group underscores the evolving nature of cybercriminal activities in the cryptocurrency realm. Money laundering typologies like “chain-hopping” have established themselves as recognized methods, necessitating concerted efforts by regulatory bodies, law enforcement agencies, and industry stakeholders to counter these advanced threats. Vigilance, robust security measures, and an understanding of these evolving tactics are crucial in safeguarding the crypto ecosystem from illicit activities.