Lazarus Group Steals $240 Million in Cryptocurrency

Unveiling the Operations of Lazarus Group's APT38

Lazarus Group, a hacking group thought to have ties to North Korea, has stolen almost $240 million in cryptocurrency since June 2023, a sharp escalation in the pace of its thefts. Cybersecurity firms and researchers including Certik, Elliptic, and ZachXBT have each attributed the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023 to the group.

Lazarus Group Crypto Heist Targets CoinEx

The CoinEx loss is the latest in a string of high-profile APT38 heists. Before the CoinEx intrusion, APT38 targeted Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), and Stake.com ($41 million).

Blockchain analytics firm Elliptic made the link. Some of the CoinEx funds were sent, on a different blockchain, to an address that Lazarus had used to launder the proceeds of the Stake.com attack. Those assets were then bridged to Ethereum through a bridge Lazarus has used before and sent on to an address known to be controlled by the CoinEx hacker. Funds from two separate heists passing through the same laundering address is exactly the kind of overlap that supports attributing both to one actor.
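One way to express the overlap Elliptic describes, as an added example that is not part of the original article and not Elliptic's own tooling: propagate a "taint" label forward from each heist's cash-out address across a transfer graph, treat bridge deposit/payout pairs as edges between chains, and report any address reached by more than one heist. Every address, chain name, amount and bridge pairing below is constructed for the illustration and assumed, not real on-chain data.

```python
from collections import defaultdict, deque

# Constructed sample data for illustration only. The addresses, chains and
# amounts are placeholders, not real on-chain data from the incidents.
TRANSFERS = [
    # (chain, sender, receiver, amount)
    ("chain_a", "stake_hack_out", "launder_addr", 1_000_000),
    ("chain_a", "coinex_hack_out", "launder_addr", 500_000),
    ("chain_a", "launder_addr", "bridge_deposit", 1_400_000),
    ("ethereum", "bridge_payout", "coinex_hacker_eth", 1_300_000),
    ("ethereum", "exchange_hot_wallet", "customer_addr", 10),
]

# Bridge pairings: a deposit on one chain paid out on another. In real
# analysis these are matched by amount and timing; here the pairing is
# simply assumed.
BRIDGE_LINKS = [("bridge_deposit", "bridge_payout")]

# Where each heist's stolen funds first landed (assumed labels).
HEIST_ORIGINS = {"stake.com": "stake_hack_out", "coinex": "coinex_hack_out"}


def build_graph(transfers, bridge_links):
    """Directed address graph; bridge links join the two chains."""
    adj = defaultdict(set)
    for _chain, sender, receiver, _amount in transfers:
        adj[sender].add(receiver)
    for deposit, payout in bridge_links:
        adj[deposit].add(payout)
    return adj


def propagate_taint(adj, origins):
    """Label every address reachable from a heist origin with that heist."""
    taint = defaultdict(set)
    for label, origin in origins.items():
        seen = {origin}
        queue = deque([origin])
        while queue:
            addr = queue.popleft()
            taint[addr].add(label)
            for nxt in adj[addr]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return taint


def shared_laundering_addresses(transfers=TRANSFERS,
                                bridge_links=BRIDGE_LINKS,
                                origins=HEIST_ORIGINS):
    """Addresses that received funds traceable to more than one heist."""
    taint = propagate_taint(build_graph(transfers, bridge_links), origins)
    return {addr: sorted(labels)
            for addr, labels in taint.items() if len(labels) > 1}


if __name__ == "__main__":
    for addr, heists in shared_laundering_addresses().items():
        print(f"{addr}: touched by {', '.join(heists)}")
```

On the constructed data the laundering address, both ends of the bridge and the final Ethereum address all come back tagged with both heists, while the unrelated exchange transfer stays clean. Real tracing is harder than this: bridge legs have to be matched by amount and timing, mixers and exchange deposit addresses need to be excluded or the taint spreads to everyone, and a single shared hop is evidence, not proof, of common control.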

Image from Certik

Shift in Focus from Decentralized to Centralized Services

Notably, these attacks show a change in how the Lazarus Group operates. It had previously concentrated on decentralized services, but the recent incidents show a shift toward centralized platforms. Improved smart contract auditing and development standards in the decentralized finance (DeFi) sector may explain part of this change. Centralized platforms are also more exposed to social engineering, since an attacker who deceives the right employee can reach the platform's private keys.

Lazarus Group North Korea’s Cryptocurrency Strategy

North Korea uses cryptocurrency theft to evade sanctions and fund its weapons programmes. The country also places freelance IT workers abroad who use fake identities to hide their nationality. “In recent years, North Korea has increased the size and scale of cyberattacks against cryptocurrency-related businesses,” TRM Labs reported in June 2023. Over the same period, the country’s nuclear and ballistic missile development appears to have accelerated.

Rampant Cyber Attacks

In recent months, the Lazarus Group, its sub-clusters, and other North Korean cyber outfits have carried out a wide range of operations, including software supply chain attacks on 3CX and JumpCloud and the planting of malicious packages in the open-source repositories for Python and JavaScript.

CoinsPaid’s own investigation of its breach found that fake recruiters posing as crypto-industry contacts had approached employees through LinkedIn and messaging apps. After dangling attractive job offers, the recruiters persuaded them into “installing the JumpCloud Agent or a special program to complete a technical task.” This lure is the hallmark of the long-running campaign known as “Operation Dream Job.”

The Lazarus Group’s brazen cryptocurrency thefts remain a major threat to digital assets, and to centralized platforms in particular, and they have put the cybersecurity community on heightened alert.
