North Korean Hackers Seized $2.67 Million in Illicit Fund by US Government

Key Points:

• The U.S. government is pursuing $2.67 million in cryptocurrency tied to North Korean hacker group Lazarus, linked to major hacks of Deribit and Stake.com.
• The hackers used crypto mixers like Tornado Cash and Bitcoin bridges to obscure their stolen assets.

U.S. officials have provided more information on how North Korean hackers launder stolen cryptocurrency as they attempt to recover $2.67 million in digital assets from two of the largest hacks.

Read more: North Korean Lazarus Group Targets Crypto Scam Through Fake LinkedIn Accounts

U.S. Goes After North Korea Hackers in Bid to Seize $2.67 Million in Crypto

Most recently, the U.S. Attorney for the District of Columbia has filed two forfeiture actions to seize funds traced to the Lazarus Group, a North Korean hacking syndicate that has carried out such hacks against the crypto and financial sectors.

The first forfeiture complaint targets approximately $1.7 million worth of Tether (USDT), connected with the $28 million hack by Lazarus of crypto options exchange Deribit back in November 2022. According to investigators, the group used the crypto mixer Tornado Cash to muddy the digital trail of the stolen funds.

After accessing Deribit’s hot wallet server, North Korean hackers first converted the stolen assets to Ethereum and then laundered them using Tornado Cash, eventually ending up converting USDT on the Tron blockchain. These series of actions were traced by the law enforcement authorities, who successfully froze $1.7 million worth of USDT across five wallets.

The second forfeiture action targets $971,000 in Avalanche-bridged Bitcoin from the group’s $41 million hack of online crypto casino Stake.com. The Lazarus Group laundered the funds in a multi-stage system that included conversion of the hacked assets into BTC, percolation of such across mixing services Sinbad and Yonmix, and converting the BTC back to stable coins such as USDT.

North Korean Hackers Suspected in Multiple High-profile Cyber Attacks

The Lazarus Group has become infamous in both the crypto space and wider financial markets. The two attacks on Deribit and Stake.com were part of a larger pattern of cybercrime attributed to the group.

Investigators also suspect North Korean hackers of being involved in the hack of the WazirX exchange last July, which saw $235 million lost.