Blockchain investigator ZachXBT has shared seven wallet addresses that have ties to the North Korean hacking group Lazarus and contain a total of 891.13 Bitcoin (BTC). This information was shared on May 21 and follows ZachXBT’s research that led to $3.8 million in digital assets being frozen by authorities. As of now, the identified crypto wallets still hold the flagged amounts.
ZachXBT previously published an in-depth analysis on April 29, revealing that Lazarus has laundered $200 million from over 25 hacks since 2020. The group used peer-to-peer (P2P) marketplaces and crypto-mixing services to exchange the stolen crypto for fiat. Specifically, $44 million was laundered through the Paxful and Noones P2P marketplaces, with the usernames “EasyGoatfish351” and “FairJunco470” matching the stolen funds.
The investigation also uncovered that the stolen digital assets were converted into Tether (USDT) before being withdrawn as fiat. Lazarus Group, which had been inactive for some time, resurfaced earlier this year. On January 8, they transferred $1.2 million worth of stolen digital assets from a mixer to an inactive wallet. They then moved $150,582 to an address they had used before.
On April 24, the hackers were observed targeting vulnerable users through malware attacks on the professional social media platform LinkedIn. They posed as applicants for blockchain developer jobs to gain access to confidential employee credentials. Lazarus Group has a notorious reputation within the crypto space, having stolen over $3 billion in digital assets in the past six years. The $1.7 billion stolen in 2022 alone exceeds North Korea’s annual income from exports by almost 10 times.