- The U.S. government is seizing $2.67 million linked to North Korean hackers’ laundering schemes using Tornado Cash.
- Lazarus Group’s hacks include a $28 million theft from Deribit and a $41 million attack on Stake.com, highlighting ongoing threats.
- Law enforcement has frozen significant assets from these hacks, but the Lazarus Group continues to elude full recovery of stolen funds.
$2.67 million connected to the North Korean hacker group Lazarus Group is being seized by the US authorities. This action follows two hacks. One hack targeted the crypto options exchange Deribit in November 2022. The second hack affected the online casino Stake.com. The forfeiture actions reveal critical insights into how North Korean hackers launder cryptocurrency through mixers like Tornado Cash.
Tracing the Deribit Hack Funds
The first forfeiture filing pertains to the $28 million stolen from Deribit. This theft involved accessing the exchange’s hot wallet server. After obtaining the funds, hackers converted them to Ethereum. They then used Tornado Cash to launder the assets. Law enforcement tracked these funds through a series of Ethereum wallets.
These wallets displayed similar transaction patterns. They received transfers within minutes of each other. Additionally, they utilized the same cross-chain bridges and transaction fee funding sources. Consequently, law enforcement could trace approximately $1.7 million in Tether (USDT) through five frozen wallets. The hackers made three attempts to launder these funds. However, law enforcement froze the funds in the first two attempts. In the third attempt, the hackers successfully laundered the remaining assets.
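The three signals described above (near-simultaneous inbound transfers, a shared bridge, a shared fee funding source) can be combined into a simple wallet-clustering heuristic. The following is an added example, not code from the filings or from investigators; the wallet rows are constructed, and the 10-minute window and two-signal threshold are assumptions.

```python
from datetime import datetime
from itertools import combinations

# Constructed sample data (not real chain records): one row per wallet with
# its first inbound transfer time, the bridge it used, and its gas funder.
WALLETS = [
    ("0xA1", "2024-01-01T10:00", "bridge-x", "0xF00"),
    ("0xA2", "2024-01-01T10:03", "bridge-x", "0xF00"),
    ("0xA3", "2024-01-01T10:07", "bridge-x", "0xF01"),
    ("0xB1", "2024-01-01T14:30", "bridge-y", "0xF00"),  # shares only a funder
    ("0xB2", "2024-01-01T10:05", "bridge-z", "0xF09"),  # shares only timing
    ("0xC1", "2024-01-01T18:00", "bridge-y", "0xF22"),
    ("0xC2", "2024-01-01T18:02", "bridge-y", "0xF22"),
]

def shared_signals(a, b, window_minutes):
    """Return the names of the signals two wallet rows have in common."""
    gap = abs(datetime.fromisoformat(a[1]) - datetime.fromisoformat(b[1]))
    signals = []
    if gap.total_seconds() <= window_minutes * 60:
        signals.append("timing")
    if a[2] == b[2]:
        signals.append("bridge")
    if a[3] == b[3]:
        signals.append("gas_funder")
    return signals

def cluster_wallets(wallets, window_minutes=10, min_signals=2):
    """Group wallets linked by at least min_signals shared signals."""
    parent = {w[0]: w[0] for w in wallets}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(wallets, 2):
        if len(shared_signals(a, b, window_minutes)) >= min_signals:
            parent[find(a[0])] = find(b[0])

    groups = {}
    for addr in parent:
        groups.setdefault(find(addr), []).append(addr)
    # A single coincidence is weak evidence, so singletons are not reported.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for group in cluster_wallets(WALLETS):
        print(group)
```

Requiring two or more signals keeps 0xB1 and 0xB2 out of any cluster; dropping the threshold to one merges every wallet into a single group, which shows how quickly a lone coincidence produces false links.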
Laundering Funds from Stake.com
The second filing involves the Lazarus Group’s $41 million attack on Stake.com. The hackers aimed to launder the stolen funds in three stages. First, they converted the stolen assets into Bitcoin through Avalanche’s bridge. Next, they used Bitcoin mixers Sinbad and Yonmix. Finally, the hackers converted the Bitcoin into stablecoins, including USDT.
During the laundering process, law enforcement froze funds during the first and third stages. This intervention was likely due to asset freeze requests to Avalanche Bridge. Law enforcement froze seven transactions during the initial phase. These transactions involved converting stolen assets into native tokens like MATIC and BNB. However, the hackers managed to transfer most of the stolen funds to the Bitcoin blockchain.
Despite improved tracking capabilities, the Lazarus Group remains active. They were recently implicated in the $230 million exploit of the Indian crypto exchange WazirX. The ongoing threat from this group underscores the importance of vigilance in cryptocurrency.