The Lazarus Heist: North Korean Cyber Group Swipes $3 Billion in Cryptocurrency
A recent release from Recorded Future, a cybersecurity entity, sheds light on the far-reaching cryptocurrency thievery orchestrated by the Lazarus Group, an affiliated hacker faction hailing from North Korea. According to the findings disclosed in the report unveiled on Thursday, the group has managed to abscond with a staggering $3 billion in digital assets over the past six years.
The year 2022 marked a notably audacious period for the Lazarus Group, during which they cunningly extracted $1.7 billion in cryptocurrency. Analysts posit that these gains, obtained through illicit means, were likely channeled to finance various projects within North Korea.
Upon closer examination of the purloined funds, Chainalysis, a firm specializing in blockchain data analysis, reveals that a substantial chunk—$1.1 billion, to be precise—was acquired through pilfering decentralized finance (DeFi) platforms. This aligns with a September report from the U.S. Department of Homeland Security, which emphasized the Lazarus Group's adept exploitation of DeFi protocols.
In response to the escalating cyber threats emanating from North Korea, the U.S. Treasury Department rolled out new sanctions. A pivotal addition to the Office of Foreign Assets Control's list of specially designated sanctions is 'Sinbad,' a crucial figure implicated in laundering the cryptocurrencies unlawfully obtained by the Lazarus Group.
Sinbad's role involves the strategic use of mixer services to obscure the origins of the stolen funds. These services function by amalgamating the transactions of multiple users, effectively masking individual transaction trails and complicating the tracking of the unlawfully acquired cryptocurrencies.
The Lazarus Group has garnered a notorious reputation for its adeptness in orchestrating fund thefts. In 2016, they executed a high-profile hack on the Bangladesh Central Bank, making away with a remarkable $81 million. Two years later, the Japanese cryptocurrency exchange Coincheck fell victim to the group's hacking prowess, resulting in the diversion of $530 million. The Central Bank of Malaysia similarly fell prey to Lazarus Group's attacks in 2018, with $390 million being illicitly siphoned off.
As nations grapple with the mounting threats posed by cybercriminals, particularly those with state sponsorship, the Lazarus Group's persistent success in executing high-stakes cryptocurrency heists underscores the imperative need for robust international cybersecurity measures.