North Korea’s Lazarus Group Expands Crypto Theft Tactics
North Korea’s Lazarus Group is up to its old tricks again. The notorious hacking group continues to launder stolen crypto funds and deploy new malware. On March 13, CertiK spotted a $750,000 Ethereum deposit to Tornado Cash, linked to Lazarus’s bitcoin activities. This transaction is just the latest in a string of high-profile hacks, including the $1.4 billion Bybit exploit in February.
After the theft, Lazarus used various tactics to hide the funds. They employed decentralized exchanges like THORChain, which don’t require identity verification. In just five days, $2.91 billion was moved through THORChain, complicating efforts to track and recover the money.
The group has also launched six new malware packages on the npm (Node Package Manager) registry. These packages, including one called BeaverTail, masquerade as legitimate JavaScript libraries. They lure developers into installing them by slightly altering the names of trusted packages, a technique known as typosquatting, and then steal credentials and crypto wallet data.
Additionally, Lazarus is tricking crypto founders with fake Zoom calls. Hackers pose as venture capitalists and send fake meeting links. When victims download a supposed fix for the call, malware is installed. Several crypto founders have fallen for these scams.
Chainalysis reports that North Korean hackers stole over $1.3 billion in crypto across 47 attacks in 2024, more than double the 2023 amount. This highlights the ongoing threat posed by Lazarus Group.
