Pseudonymous on-chain investigator ZachXBT has detailed how the Lazarus Group, the infamous North Korean hacking syndicate, allegedly laundered over $200 million in hacked cryptocurrency funds into fiat currency. ZachXBT analyzed more than 25 hacks across multiple blockchains, meticulously tracing the flow of capital through various coin mixers and exchanges over a three-year period from August 2020 to October 2023.
According to the report, Lazarus Group employed multiple coin mixers in their money laundering efforts. These mixers aim to obfuscate the origin and destination of transactions by blending them with other tokens, transactions, and addresses. Specifically, the North Korean-linked hackers utilized the Ethereum mixer Tornado Cash and the Bitcoin-based ChipMixer.
In addition to leveraging coin mixers, the hacker group frequently transferred tokens across different blockchains to further complicate the tracing of funds. They also made use of peer-to-peer (P2P) exchanges, which facilitate direct asset exchanges between individuals without the involvement of a centralized exchange. Lazarus Group specifically utilized the Bitcoin P2P exchanges Noones and Paxful.
Lazarus Group has been identified as the mastermind behind several high-profile crypto hacks in recent years. The FBI attributed the $41 million attack on Stake.com, a gaming firm, as well as the $622 million exploit of the Ronin bridge, to the group. Altogether, the group has amassed over $2 billion in stolen digital assets from its various heists.
ZachXBT, with assistance from industry leaders such as crypto exchange Binance and top Ethereum wallet MetaMask, has identified multiple accounts believed to be linked to Lazarus Group. These accounts allegedly received $44 million from Lazarus hacks and successfully converted the stolen funds into fiat currency.