North Korea's Lazarus Group Holds $47 Million in Cryptocurrencies, Most Of It Bitcoin

North Korea’s Lazarus Group Holds $47 Million in Cryptocurrencies, Most Of It Bitcoin

Updated: 25 September 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

The notorious Lazarus Group, a state-backed North Korean cybercrime entity, holds $47 million in cryptocurrencies, primarily Bitcoin (BTC).

That’s according to data collected by 21.co subsidary Dune Analytics, which shows the group’s wallets contain approximately $42.5 million in BTC, $1.9 million in Ether (ETH), $1.1 million in Binance Coin (BNB), and an additional $640,000 in stablecoins, with Binance USD (BUSD) dominant.

But the amount marks a significant decrease from the $86 million it held shortly after its hack of Stake.com. The Dune dashboard tracks 295 wallets associated with the hacking group that have been identified by the Federal Bureau of Investigation (FBI) and the Office of Foreign Assets Control (OFAC), the report said.

Despite accumulating a substantial amount of cryptocurrency, the Lazarus Group tends to avoid using privacy-focused coins such as Monero, Dash, or Zcash. These cryptocurrencies are known for providing enhanced anonymity and making it challenging to trace transactions and users.

Cryptocurrency Assets Held by Lazarus Group (Source: Dune Analytics)

The digital wallets linked to the Lazarus are still quite active, with the latest transaction taking place as recently as September 20, the report said.

The group may hold even more crypto because the estimate is a conservative approximation based on publicly accessible data, it said.

Lazarus Has Stolen $3 Million Crypto A Day In Last 100 Days

InsideBitcoins reported earlier that the Lazarus has consistently been carrying out cyberattacks, managing to seize nearly $3 million worth of cryptocurrencies each day for the past three months. The state-sponsored group stole $293 million in various digital currencies in just 100 days since June 7. The most significant incident involved the theft of $100 million from Atomic Wallet, initially reported as a $35 million loss, but later adjusted upwards following a thorough investigation

Lazarus, labeled a “state-sponsored hacking organization” by the FBI, was also linked to a CoinEx cryptocurrency exchange hack that stole $55 million. This link was established when the group unintentionally disclosed an address that matched those associated with prior security breaches, including the incidents involving Stake and Optimism.

It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon.

0x75497999432b8701330fb68058bd21918c02ac59 pic.twitter.com/9qZPdc3yhT

— ZachXBT (@zachxbt) September 13, 2023

Lazarus Group has also been linked by the FBI to other several thefts involving digital currencies, such as those targeting Alphapo, CoinsPaid, and Atomic Wallet.

North Korean hackers have taken nearly $2 billion in digital currencies since 2018 through more than 30 cyberattacks, including $1 billion in 2022 alone, says blockchain intelligence firm TRM Labs.

Significant Drop in North Korean Hacker-Linked Crypto Thefts

But Chainalysis reported that thefts linked to hackers from North Korea so far this year have plunged 80% compared to the whole of last year. As of mid-September, these hacker groups had managed to steal a combined total of $340.4 million in cryptocurrency, marking a significant decrease from the $1.65 billion worth of digital assets taken in 2022.