North Korean Lazarus Group Theft Spree Reaches $240 Million in 104 Days

Nefarious North Korean hacking group Lazarus has stolen almost $240 million in cryptocurrencies up to now 104 days alone.

In a report revealed by blockchain surveillance agency Elliptic, Lazarus has been recognized because the perpetrator behind a collection of main cryptocurrency hacks in latest months, with their exercise intensifying.

The latest assault attributed to Lazarus focused the worldwide cryptocurrency alternate CoinEx, leading to an estimated lack of $54 million. 

Elliptic’s evaluation revealed that funds stolen from CoinEx have been despatched to an tackle beforehand utilized by the Lazarus group for laundering funds pilfered from the Drake-backed crypto on line casino Stake.com, albeit on a unique blockchain. 

As reported, the FBI has recognized Lazarus as accountable for the theft of $41 million from Stake.

Elliptic’s findings align with these of on-chain investigator ZachXBT, who famous on Twitter that the CoinEx hacker had inadvertently linked their tackle to the Stake hack. 

The hacker subsequently transferred the stolen funds to Ethereum utilizing a bridge beforehand employed by Lazarus, earlier than transferring them to a pockets tackle underneath the hacker’s management. 

A good portion of the pilfered funds originated from the Tron and Polygon blockchains.

Moreover, Elliptic found that Lazarus hackers had combined the funds with addresses related to the Stake hack and employed an tackle concerned within the $100 million Atomic pockets hack in June. 

Primarily based on the blockchain exercise and the absence of proof pointing to another risk group, Elliptic concluded that Lazarus Group is the doubtless wrongdoer behind the CoinEx theft.

Lazarus Accountable For Extra Hacks

Latest investigations have linked Lazarus to extra hacks, together with the crypto funds platform CoinsPaid in late June and the crypto fee supplier Alphapo in July. 

Elliptic noticed a shift in Lazarus’ focus in the direction of centralized platforms quite than decentralized ones, probably as a result of feasibility of conducting social engineering assaults in opposition to such targets.

In response to the assault, CoinEx launched an open letter to the hackers, urging them to contact the corporate through e-mail or by the blockchain to debate a bug bounty and the return of the stolen funds. 

To date this yr, Web3 platforms have misplaced over $1.2 billion in hacks and rug pulls, in accordance with a report from Web3 bug bounty platform Immunefi.

The report revealed a complete of 211 separate incidents contributing to this large sum, with the month of August alone accounting for $23.4 million in losses.

The surge in losses throughout August largely contributed to initiatives hosted on the newly launched Ethereum Layer 2 Base community. 

As per the report, Ethereum confronted probably the most vital variety of assaults, with 5 distinct incidents affecting protocols constructed on the community.