Sources report that the U.S. Justice Department has filed forfeiture actions to seize $2.67 million in cryptocurrency linked to North Korean hackers, in particular to the Lazarus Group's hacks. The total is made up of Tether stablecoins and Avalanche-bridged Bitcoin. The funds were blocked when the fraudsters attempted to move them through platforms such as Tornado Cash and a few others. The frozen assets are tied to two large cyber operations: the Deribit hack of 2022 and the Stake.com hack of September 2023.
How It Went Down
The US government has already recovered around $1.7 million in Tether from the Deribit hack and nearly $970,000 in BTC.b from the Stake.com hack. The seizure filings, brought by the U.S. Attorney for the District of Columbia, reveal new details about how the Lazarus Group moves its stolen crypto. The government is reportedly seeking to recover the full $2.67 million in laundered crypto.
As part of this amount, sources report that the authorities are seeking to recover approximately 15.5 Avalanche-bridged Bitcoin (BTC.b), worth around $971,000, out of the $41 million stolen from the online crypto casino Stake.com.
The first seizure filing describes how Lazarus laundered the proceeds of the Deribit hack through the Tornado Cash mixer. That platform is central to the upcoming money laundering trial, which has drawn wide attention in the crypto community. The Lazarus Group transferred $28 million after breaking into Deribit’s hot wallet server, converted the stolen assets into Ethereum, and then routed them through Tornado Cash.
The authorities reportedly traced the money by identifying shared patterns across a set of Ethereum wallets: the wallets received funds within minutes of one another, used the same cross-chain bridges, and drew their transaction fees from a single funding source. Eventually, all of the transfers were pooled in consolidation addresses.
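The tracing signals in that paragraph, as an added example that is not from the article or the filings: a small Python clustering routine over constructed transfer records that links two wallets only when at least two of the three signals (same fee-funding source, same-bridge funding within a time window, same consolidation address) coincide, so that a wallet sharing just one signal is not pulled into the cluster. The address names, thresholds and sample transfers are assumptions, not real chain data.

```python
from collections import defaultdict
from itertools import combinations
SAMPLE_TRANSFERS = [  # constructed, not real chain data: (unix_ts, from, to, asset, amount)
    (1000, "bridge_A", "w1", "ETH", 40.0),   # three wallets funded by the same bridge
    (1060, "bridge_A", "w2", "ETH", 38.5),   # within a two-minute span
    (1110, "bridge_A", "w3", "ETH", 41.2),
    (1200, "gas_funder", "w1", "ETH", 0.01), # one source tops up fees for all three
    (1205, "gas_funder", "w2", "ETH", 0.01),
    (1210, "gas_funder", "w3", "ETH", 0.01),
    (1215, "gas_funder", "w4", "ETH", 0.01), # w4 shares only the fee funder: a weak link
    (2000, "w1", "consolidation_1", "ETH", 40.0),  # all three drain to one address
    (2010, "w2", "consolidation_1", "ETH", 38.5),
    (2020, "w3", "consolidation_1", "ETH", 41.2),
]
GAS_DUST = 0.05     # constructed threshold: ETH transfers below this are fee top-ups
MIN_SIGNALS = 2     # require two independent signals before linking a pair

def cluster_wallets(transfers, window=300):
    """Group wallets sharing >= MIN_SIGNALS of: fee funder, bridge timing, consolidation sink."""
    by_funder, by_sink, by_bridge = defaultdict(set), defaultdict(set), defaultdict(list)
    for ts, src, dst, asset, amt in transfers:
        if asset == "ETH" and amt < GAS_DUST:
            by_funder[src].add(dst)            # signal: common fee-funding source
        elif src.startswith("bridge_"):
            by_bridge[src].append((ts, dst))   # signal: bridge deposits close in time
        else:
            by_sink[dst].add(src)              # signal: common consolidation address
    signals = defaultdict(set)                 # {frozenset({a, b}): {signal names}}
    for name, groups in (("funder", by_funder.values()), ("sink", by_sink.values())):
        for group in groups:
            for a, b in combinations(sorted(group), 2):
                signals[frozenset((a, b))].add(name)
    for deposits in by_bridge.values():
        for (t1, a), (t2, b) in combinations(sorted(deposits), 2):
            if t2 - t1 <= window:
                signals[frozenset((a, b))].add("bridge_timing")
    adj = defaultdict(set)
    for pair, names in signals.items():
        if len(names) >= MIN_SIGNALS:
            a, b = tuple(pair)
            adj[a].add(b); adj[b].add(a)
    clusters, seen = [], set()
    for start in list(adj):                    # connected components over strong links
        if start in seen: continue
        comp, stack = set(), [start]
        while stack:
            w = stack.pop()
            if w not in comp:
                comp.add(w); stack.extend(adj[w])
        seen |= comp; clusters.append(frozenset(comp))
    return clusters
```

On the sample data this yields a single cluster of w1, w2 and w3; w4 stays out because the shared fee funder alone does not reach the two-signal threshold.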
The hackers allegedly made three attempts to convert the Ethereum to USDT, during which the authorities froze and blocked parts of the transfers. The third attempt was only partly successful for the attackers: around $1.7 million in USDT was left frozen in five wallets, while the fraudsters kept control of the rest.
The Use of Sinbad and Yonmix Mixers
The second filing focuses on another Lazarus hack, the theft of $41 million from the online casino Stake.com. The attackers reportedly tried to cash out the stolen funds in three stages: first, the assets were converted into Bitcoin through Avalanche’s Bitcoin bridge; next, they were moved through BTC mixers such as Sinbad and Yonmix; and finally, the Bitcoin was swapped into stablecoins like USDT. The authorities report blocking funds at the first and third stages, mainly through blocking requests sent to the Avalanche Bridge.
In the first stage, authorities were able to block assets linked to seven transactions that converted stolen assets into native tokens such as Polygon’s MATIC and Binance Smart Chain’s BNB. Even with the blocking, “the North Koreans were able to transfer the majority of the stolen funds to the BTC blockchain,” as the filing states.
From the third stage, law enforcement was able to recover only an additional 0.099 BTC, valued at approximately $6,270 at the current market rate.
Conclusion
The latest US government seizure shows how hard law enforcement authorities must work to counter complex cyber and crypto hacks like the Lazarus hacks and the laundering techniques behind them. With around $2.67 million in cryptocurrency marked for forfeiture, including Tether and Avalanche-bridged Bitcoin, these operations mark an important step in disrupting the financial crimes of North Korean cybercriminals. Learn more about crypto hacks and government interventions with TurkishNYRadio.