The Lazarus Group from North Korea is still actively laundering and moving cryptocurrency acquired through illicit means, while also employing new malware to target developers and siphon off digital assets.
On March 13, blockchain security organization CertiK identified a transfer of 400 Ethereum (ETH), valued at approximately $750,000, into Tornado Cash. The transaction was traced back to the activities of Lazarus on the Bitcoin (BTC) network. This group has been connected to numerous major hacks, including the notable $1.4 billion breach on Bybit in February.
After this breach, the group took steps to obscure the stolen assets via various methods. They utilized decentralized exchanges such as THORChain (RUNE), which do not enforce identity verification, to exchange and move substantial amounts of cryptocurrency.
Reports indicate that in a mere five days, around $2.91 billion was transacted through THORChain, making it significantly more challenging to trace and recover the funds.
In a recent series of cyber attacks, the Lazarus Group has also introduced six new malicious software packages on the Node Package Manager (npm) platform. This tool is commonly used by developers to manage and install JavaScript packages for their applications. On March 11, security company Socket released a report detailing this malware, which aims to steal login credentials and crypto wallet information.
The malware, which includes a package named BeaverTail, camouflages itself as legitimate JavaScript libraries through typosquatting, where attackers make slight modifications to the names of trusted software to deceive developers into installing it. Its primary targets include saved credentials in browsers like Chrome, Brave, and Firefox, as well as wallets such as Solana and Exodus.
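An added example, not from the article or from Socket's report: a pre-install check over a project's package.json that flags dependency names lying within a small edit distance of a trusted allowlist, which is the near-miss naming pattern the text describes. The allowlist, the sample package.json and the lookalike name `axois` are constructed for illustration.

```javascript
// Added example (not from the article): flag npm dependency names that are a
// near-miss of a trusted package name, the typosquatting pattern described above.
// The trusted list and the package.json below are constructed for illustration.

// Damerau-Levenshtein distance (optimal string alignment): insert, delete,
// substitute and adjacent transposition each cost 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Constructed allowlist of packages this project is expected to use.
const TRUSTED = ['express', 'lodash', 'axios', '@solana/web3.js'];

// Return one finding per dependency that is not an exact trusted name. A name
// close to a trusted one is marked suspicious; a name far from every trusted
// name is merely unknown and is reported with suspicious = false.
function auditDependencies(pkg, trusted = TRUSTED, maxDistance = 2) {
  const names = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
  const findings = [];
  for (const name of names) {
    if (trusted.includes(name)) continue;
    const near = trusted
      .map((t) => ({ lookalike: t, distance: editDistance(name, t) }))
      .filter((m) => m.distance <= maxDistance)
      .sort((x, y) => x.distance - y.distance);
    findings.push({ name, suspicious: near.length > 0, closest: near[0] ?? null });
  }
  return findings;
}

// Constructed package.json fragment: one clean, one near-miss, one unknown name.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { express: '^4.19.0', axois: '^1.0.0' },
  devDependencies: { 'some-internal-tool': '1.0.0' },
};

const report = auditDependencies(SAMPLE_PACKAGE_JSON);
for (const f of report.filter((r) => r.suspicious)) {
  console.log(`typosquat candidate: ${f.name} resembles ${f.closest.lookalike} (distance ${f.closest.distance})`);
}
```

Running this before `npm install` in CI turns a near-miss dependency name into a failed build rather than an executed install script.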
Moreover, the group has been attempting to deceive cryptocurrency founders with fake Zoom meetings. The hackers impersonate venture capitalists and send fraudulent meeting links, claiming there are audio issues. When victims download a supposed solution, malware is installed. Security experts have noted that multiple crypto founders have fallen victim to these scams.
According to Chainalysis, North Korean hackers stole over $1.3 billion in cryptocurrency through 47 separate attacks in 2024, which is more than twice the amount taken in 2023.