- North Korea’s Lazarus Group stole $3.2M in Solana assets, says ZachXBT.
- Hackers moved stolen crypto to Ethereum, then laundered it through Tornado Cash.
- Lazarus avoids CEXs, using DEXs to hide funds and dodge asset freezes.
The notorious North Korean Lazarus Group has been linked to yet another major crypto hack. This time, the amount stolen is estimated to be about $3.2 million. On-chain analyst ZachXBT, who is well-known for tracking blockchain crime, shared new findings about the attack.
Lazarus Group Launders Stolen Crypto Through Ethereum and Tornado Cash
According to reports, the hack occurred on May 16. The victim lost millions of digital assets inside the Solana network. The money was not left long on Solana. Rather, the stolen funds were transferred soon. The hackers washed the money to Ethereum, which could not be traced and recovered easily.
After a while, ZachXBT identified an obvious laundering pattern. On the 25th and 27th June, the hackers put 400 ETH into Tornado Cash, a privacy tool where stolen crypto is frequently dumped. The given move demonstrates the attempts of the Lazarus Group to leave no trace and to cash money.
CoinRank, another blockchain watchdog, has also brought forward the hack on its official X (previously Twitter) account. In an alarm to the crypto community, they alerted them about the increasing menace of state-sponsored cybercriminals.
This is not the first encounter with big crypto crimes attributed to the Lazarus Group. Previously this year, ZachXBT found some evidence that connected the group to the 1 billion Bybit hack. He indicated that the stolen money was transferred in a related manner. The Lazarus Group exchanged the stolen tokens with Ether after that hack.
Assets stolen are usually tokens that possess by their owners; they can be frozen. But, in case of Ether or Bitcoin, there is no central node to prevent transactions. This is why they are appealing coins to hackers seeking to disguise and use stolen money.
Lazarus Group Avoids CEXs to Launder Stolen Crypto
Meanwhile, the Lazarus Group does not trust centralized exchanges (CEXs) for money laundering. CEXs also possess strict compliance regulations and may freeze suspicious wallets. Rather, the hackers turn to the decentralized exchanges (DEXs), which do not require the identity verification. It complicates investigation of money trail by investigators.
The results of ZachXBT concern a significant number of representatives of the Ethereum and Solana ecosystems. They indicate that the existing security systems might not be robust enough to prevent attackers with ties to the state. Use of Tornado Cash repeatedly proves that certain analytics can undermine the war on money laundering in cryptos.
Such is the case that in the view of many, the industry should afford a stronger security and more intelligent tools of compliance. Others are demanding better scrutiny of cross-chain bridges that are commonly utilized by hackers to transfer the stolen funds between blockchains.
In the meantime, the victim who was the target of this recent hack has not been identified. However, the process of stealing is similar, steal tokens, exchange them to Ether and launder money using Tornado Cash and DEX.
Ultimately, the reports by ZachXBT are the reminder to the crypto community that Lazarus Group is still active and dangerous. These scammers manage to identify loopholes to take advantage of blockchain users across the globe. With increasingly sophisticated attacks, greater security, and intelligent tracking, are required to safeguard digital assets against state-sponsored attacks.
