Alleged Lazarus Group Accounts Frozen
If you follow crypto-related news then you’ve probably heard of the Lazarus group before. This is the group of hackers reportedly sponsored by the North Korean government to steal cryptocurrency which is then used to fund the country’s nuclear weapons program. So far, the group has been credited with the theft of hundreds of millions of dollars.
But now, it seems that some action has been taken to curb their activities, as several crypto exchange accounts believed to be associated with the group have been frozen. These accounts were held at the exchanges Huobi, Binance, and OKX.
Stopping the Lazarus Group
This whole saga has been documented by ZachXBT, a popular on-chain sleuth, and was also reported by the Binance team. Allegedly, the group had stolen funds from the Harmony crypto project last year and was trying to move these funds.
“North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges,” ZachXBT said.
These types of hacks are, sadly, not uncommon within the industry, and it is usually hard to catch and stop the perpetrators. But in this case, Binance was able to freeze some of the funds, assisting fellow exchange Huobi along the way. According to Binance CEO Changpeng Zhao, 124 BTC have been recovered by the exchanges. Interestingly, Zhao told another Twitter user that, while not all exchange security teams are collaborative, some are, and that this was an example of CeFi and DeFi coming together.
“We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU!” he said.
While it is already well-known that the Lazarus group is aggressive in its approach, it is interesting to see how far the funds travelled before they got to the exchange wallets. As per a diagram shared by ZachXBT, the funds went through Tornado Cash (a controversial mixing service sanctioned by the United States), Railgun, and consolidation wallets before finally making their way to the exchange accounts.
Such hops are usually made to cover the trail and make the funds harder to track. As ZachXBT explained, these funds do not normally spend a long time on the exchanges before they are withdrawn, but in this case, the exchanges were able to stop them. He also noted that there were about 350 crypto wallets associated with the group, and these formed part of a very complex web of thefts and transfers.
Will These Ever Stop?
From all indications, the Lazarus group (which has been active for years now) does not plan to stop its thefts anytime soon. But as this incident shows, it is possible to stop them when they make use of centralized crypto services, which can freeze accounts if necessary.