Several crypto raids net the Lazarus group $290 million in 15 weeks

esteria.white

After a quiet start to 2023 on the cryptocurrency front, the North Korean group Lazarus appears to be making up for lost time, stealing more than $290 million in five crypto heists carried out in just over three months.

Until last week, researchers and the FBI had linked Lazarus – an umbrella term that researchers use to refer to various hacker groups working on behalf of the government of the Democratic People’s Republic of Korea (DPRK) – to a quartet of seven- and eight-figure crypto raids so far this year.

The heists included $100 million stolen from Atomic Wallet users on June 3, $37 million from CoinsPaid on July 22, $60 million from Alphapo, also on July 22, and $41 million from Stake.com on September 4.

In a September 15 blog post, Elliptic researchers said there were “a number of factors” indicating that the theft of $53 million from the CoinEx exchange was carried out by hackers aligned with Pyongyang.

Elliptic’s blockchain analysis showed that a portion of the funds stolen from CoinEx was laundered through the same wallet the actor had used to siphon off coins stolen from Stake.com. The researchers said they had previously observed funds stolen in different hacks being mixed in a similar manner, most recently when the group consolidated proceeds from the Stake.com and Atomic Wallet heists.

“In light of this blockchain activity, and in the absence of information suggesting that the CoinEx hack was carried out by another malicious group, Elliptic agrees that the Lazarus Group should be suspected of stealing funds from CoinEx,” the researchers said.

The latest heists may indicate that the threat group has shifted its focus from decentralized services, which rely on multiple independent nodes, to centralized crypto services controlled by a single organization.

Decentralized services have been popular targets for hackers in recent years as the decentralized finance (DeFi) ecosystem has grown in popularity. But as DeFi protocols have matured, so have their security measures, leaving fewer vulnerabilities to exploit, Elliptic said.

At the same time, centralized crypto exchanges tend to have larger staff numbers and IT systems, which means more opportunities to target human and technological weaknesses.

In a September 14 post, Chainalysis said that, even though the total value of cryptocurrency stolen by DPRK actors this year was significantly lower than the 2022 figure of $1.65 billion, there was no room for complacency.

Last year’s total was inflated by the theft of $620 million of Ethereum from the Ronin Network, a key platform for the mobile game Axie Infinity.

“While it may be tempting to view the reduction in the total value of hacked funds as a marker of progress, we must remember that 2022 set a dismally high benchmark,” Chainalysis researchers said.

“In reality, we are just one major hack away from crossing the $1 billion threshold in stolen funds for 2023. Things are changing quickly online – a major attack could materialize overnight.”

Researchers said they were concerned about growing alliances between DPRK hackers and illicit Russian crypto exchanges, which have a history of not cooperating with law enforcement attempts to track down stolen funds.

“With the total amount of stolen cryptocurrencies (since 2016) estimated at $3.54 billion, the DPRK continues to be an incubator for hacking activity and remains one of the largest active threats in the cybercrime landscape,” the post said.