North Korean Hackers Launder $200M in Crypto

North Korea’s Lazarus Group laundered over $200 million in stolen crypto from 2020 to 2023 using P2P markets and mixers.

Between 2020 and 2023, the infamous and state-backed hackers from North Korea, the Lazarus Group, laundered stolen cryptocurrencies worth over $200 million. 

According to an April 29 X post by the pseudonymous on-chain researcher ZachXBT, the funds were plundered from over twenty-five crypto hacks. 

Lazarus emerged in 2009 as one of the most infamous crypto hackers organizations. Since 2023, the Lazarus Group has pilfered cryptocurrency assets worth more than $3 billion over the preceding six years. 

The North Korean hackers converted the stolen digital assets using a combination of peer-to-peer (P2P) marketplaces and crypto blending services, according to ZachXBT:

“Identified accounts at Noones and Paxful (P2P marketplaces) that received funds from the hacks and were used to convert crypto to fiat.”

As reported by ZachXBT, the group of hackers used the peer-to-peer marketplaces Paxul and Noones to launder at least $44 million worth of stolen cryptocurrency under the aliases “EasyGoatfish351” and “FairJunco470.” The volumes of deposits and trades associated with these identifiers correspond to the stolen funds.

Additionally, the analysis reveals that the compromised funds were transformed into the USDT stablecoin before their withdrawal for cash. Historically, the organization has needed over-the-counter merchants based in China to facilitate crypto-to-fiat conversions.

ZachXBT reports that in November 2023, Tether blocked stolen funds worth more than $374,000 and that three out of four stablecoin issuers have blocked an additional $3.4 million residing in a cluster of addresses associated with Lazarus.

In 2023, Lazarus Group stole 17% of compromised cryptocurrencies. 

17% of the total funds misappropriated in 2023, or more than $309 million, are ascribed to the Lazarus Group. Over $1.8 billion in cryptocurrencies were compromised and exploited in 2023, according to a report published by Immunefi on December 28. 

According to blockchain security analytics firm SlowMist, the North Korean hacker group was using LinkedIn to pilfer digital assets through targeted malware attacks in early April. 

Lazarus Group was responsible for several of the largest cryptocurrency industry heists, including the 2022 Ronin Bridge hack, which seized cryptocurrency worth $625 million.