The media have reported that the US government has filed yet another lawsuit to recover nearly $2.69 million worth of stolen digital assets from North Korea's notorious Lazarus hacking group.
It was filed on October 4, 2024, and concerns funds taken from two of the largest cryptocurrency heists in 2022 and 2023: the Deribit hack and the Stake.com hack.
Court documents indicate that the authorities are pursuing about $1.7 million connected to the hack of the options exchange Deribit, an incident in which $28 million in Tether (USDT) was stolen.
The first lawsuit concerns the 2022 Deribit hack, in which the North Korean criminal group drained nearly $28 million from the cryptocurrency exchange's hot wallet.
To obscure their identity, the thieves attempted to launder the money through a combination of virtual currency exchanges, the Tornado Cash mixer, and virtual currency bridges. Investigators believe the hackers concealed their tracks by routing the stolen funds through Tornado Cash and multiple Ethereum addresses under their control.
The government is also seeking Avalanche-bridged Bitcoin (BTC.b) tied to the $4.1 million hack of the Stake.com gambling platform, which led to a loss of 970,000 Avalanche-bridged Bitcoin (BTC.b).
These cases are only a few examples of the Lazarus Group's alleged cybercrime activities. Several blockchain analysts have also implicated the group in the July 2024 hacking of WazirX, in which victims lost an estimated $235 million to the hackers.
According to a report published in August by ZachXBT, a blockchain research and investigative team, North Korean developers operating under fake identities were suspected of infiltrating at least 25 cryptocurrency projects, modifying their code, and taking funds directly from their treasury accounts.
Recently, the FBI has been stepping up its warnings regarding the activities of the Lazarus Group in a bid to alert citizens.
A report by The Electronic Frontier Foundation on September 20, 2024, exposed some of the highly sophisticated social engineering techniques used by the cybercrime group. These include carefully constructed fake job offers designed to trick targets into downloading malicious software disguised as employment documents, which then steals data from their computers.
The second lawsuit concerns the Stake.com heist, filed roughly a year after the Lazarus Group was alleged to have stolen $41 million from the online gambling and casino site.
It was discovered that North Koreans and their money laundering co-conspirators stole tens of millions of dollars' worth of virtual currency by hacking into Stake.com's computer systems.
The forfeiture action [PDF] explains that the stolen funds were transferred through virtual currency bridges, multiple BTC addresses, and virtual currency mixers before being consolidated and deposited at various virtual currency exchanges.
The Lazarus Group moved the stolen cryptocurrency through the Bitcoin mixers Sinbad and Yonmix. In the aftermath of the North Korean heist, Sinbad was sanctioned by the US government for laundering millions of dollars of the proceeds.
According to court documents, law enforcement was able to freeze assets from seven transactions. However, the documents say, the North Koreans moved the majority of the stolen funds onto the Bitcoin blockchain to avoid being tracked.
In a further investigation, the FBI recovered another 0.099 BTC, or approximately $6,270, from another exchange.