U.S. Authorities to Seize $2.67 Million in Crypto Linked to North Korean Hacks

Recent legal actions by the U.S. Attorney for the District of Columbia have shed light on the sophisticated methods North Korean hackers use to launder stolen cryptocurrency. The U.S. government is moving to seize approximately $2.67 million in cryptocurrency connected to two major cyberattacks orchestrated by the notorious Lazarus Group. These attacks targeted the crypto options exchange Deribit and the online crypto casino Stake.com.

The first case focuses on $1.7 million worth of Tether (USDT), which was traced back to the Lazarus Group‘s hack of Deribit in November 2022. In this incident, the hackers infiltrated Deribit’s hot wallet and managed to steal around $28 million. After gaining access, they converted the stolen assets into Ethereum and used the Tornado Cash crypto mixer to obscure the funds' trail. The stolen assets were later converted into USDT stablecoins on the Tron blockchain. Law enforcement officials successfully tracked the stolen funds by analysing patterns in the hackers' wallet activities and transaction timings, allowing them to freeze some of the stolen assets spread across multiple wallets.

The second forfeiture action involves approximately $971,000 in stolen Avalanche-bridged Bitcoin (BTC.b) from the crypto casino Stake.com. The Lazarus Group was responsible for a $41 million hack of the platform. After the heist, the hackers used the Avalanche Bitcoin bridge and crypto mixers such as Sinbad and Yonmix to conceal the stolen funds. Despite the sophisticated obfuscation techniques employed, law enforcement agencies were able to freeze some of the laundered assets.

Despite these significant law enforcement successes, the Lazarus Group continues to pose a serious threat in the cryptocurrency space. The group has been linked to several other high-profile cyberattacks, including the July 2024 breach of the WazirX exchange, where they siphoned off over $230 million worth of digital assets. During this attack, more than $100 million in Shiba Inu tokens, $52 million in ether, and other assets were stolen from a multisignature wallet, accounting for nearly half of the total reserves WazirX reported in June 2024.

Following the WazirX hack, the exchange filed for restructuring to manage its financial liabilities. Legal representatives for WazirX indicated that customers are unlikely to recover the full value of their lost assets in cryptocurrency. Current estimates suggest that potential refunds may range between 55% and 57% of the total funds lost.

These recent forfeiture actions underscore the persistent threat posed by North Korean state-sponsored hackers and the growing sophistication of their techniques for laundering stolen cryptocurrency. Despite efforts by law enforcement to freeze assets, the Lazarus Group continues to evade capture, leaving a trail of significant financial damage across the global cryptocurrency landscape.