The U.S. government is seeking to seize approximately $2.67 million worth of cryptocurrency linked to two major attacks by North Korean cybercriminals, according to the latest filings from the U.S. Attorney’s Office for the District of Columbia.
US Moves to Seize $2.7 Million in Crypto Tied to North Korea’s Lazarus Group Hacks
These cases reveal how North Korea’s Lazarus Group laundered funds from high-profile attacks on crypto platforms through blockchain mixers, shedding light on the group’s sophisticated money laundering tactics.
The seizures relate to two attacks: the $28 million breach of crypto options exchange Deribit in November 2022 and the $41 million theft from online crypto casino Stake.com in September 2023. Law enforcement traced the stolen assets through blockchain mixing services designed to obscure the source of cryptocurrency transactions.
Tracing Stolen Funds: From Deribit to Tornado Cash
In a seizure dossier, the U.S. government details how Lazarus hackers laundered $1.7 million in Tether (USDT) through Tornado Cash, a crypto mixer at the center of a major money laundering case.
The funds came from the group’s $28 million hack of Deribit, where hackers gained access to the platform’s hot wallet servers, converted the assets to Ethereum and transferred them via Tornado Cash.
Law enforcement tracked these movements by identifying patterns in wallet activity, such as transactions made at similar times and the use of cross-chain bridges.
Lazarus Group made three attempts to convert the stolen assets into USDT. While law enforcement was able to freeze the funds in the first two attempts, the hackers successfully laundered the rest during the third wave, leading to the freezing of approximately 1.7 million USDT from the five wallets involved.