    Lazarus Group launders $750K ETH and deploys new malware

    The Lazarus Group, a North Korean-affiliated hacking collective, has been actively laundering cryptocurrency and deploying new malware strains.

    On March 13, blockchain security firm CertiK reported that the group transferred 400 Ethereum (CRYPTO:ETH), valued at approximately $750,000, to the Tornado Cash (CRYPTO:TORN) mixing service.

    This transaction follows a series of high-profile hacks attributed to the group, including a $1.4 billion theft from Bybit on February 21 and a $29 million breach of Phemex in January.

    CertiK noted that the funds trace back to earlier Lazarus Group activity on the Bitcoin network, meaning the value was moved across chains before it reached the mixer, a sign of a deliberate, multi-step laundering strategy rather than a single direct deposit.
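    The hop-by-hop tracing CertiK describes can be sketched in code. The following is an added example written for this page; it is not CertiK's tooling and does not appear in the original article. It follows outbound transfers from a seed address across a small constructed ledger and reports every path that lands on a watchlisted address (a placeholder standing in for a mixer deposit contract). All addresses, amounts and block numbers are constructed, and the watchlist is a stand-in for a curated list of mixer and sanctioned addresses that a real analyst would load from indexed chain data.

```javascript
// Added example: breadth-first trace of funds from a seed address to a watchlisted
// destination. Nothing here is real on-chain data; every address is a placeholder.

// Constructed watchlist: address -> label. A real one would hold known mixer
// deposit contracts and sanctioned addresses.
const WATCHLIST = new Map([
  ["0xMIXER-DEPOSIT", "mixer deposit contract (placeholder)"],
]);

// Constructed transfer ledger. 'block' orders the transfers in time.
const TRANSFERS = [
  { from: "0xSEED", to: "0xHOP1", value: 400, block: 100 },
  { from: "0xHOP1", to: "0xHOP2", value: 399, block: 101 },
  { from: "0xHOP1", to: "0xEXCHANGE", value: 1, block: 101 },
  // HOP2 sent to the mixer *before* the traced funds arrived: this must be ignored.
  { from: "0xHOP2", to: "0xMIXER-DEPOSIT", value: 10, block: 50 },
  { from: "0xHOP2", to: "0xMIXER-DEPOSIT", value: 398, block: 102 },
  // Unrelated deposit from an address the trace never reaches.
  { from: "0xOTHER", to: "0xMIXER-DEPOSIT", value: 5, block: 90 },
];

// Index transfers by sender, sorted by block, so each hop is a cheap lookup.
function indexOutbound(transfers) {
  const byFrom = new Map();
  for (const t of transfers) {
    if (!byFrom.has(t.from)) byFrom.set(t.from, []);
    byFrom.get(t.from).push(t);
  }
  for (const list of byFrom.values()) list.sort((a, b) => a.block - b.block);
  return byFrom;
}

// Follow funds from 'seed' for at most 'maxHops' hops. A transfer is only
// followed if it happened at or after the block in which the traced funds
// arrived at its sender; otherwise we would chase money that left earlier.
// Returns one hit per path that ends on a watchlisted address.
function traceToWatchlist(transfers, seed, watchlist, maxHops = 5) {
  const byFrom = indexOutbound(transfers);
  const hits = [];
  const queue = [{ addr: seed, arrivalBlock: -Infinity, path: [seed] }];
  while (queue.length > 0) {
    const { addr, arrivalBlock, path } = queue.shift();
    if (path.length - 1 >= maxHops) continue;
    for (const t of byFrom.get(addr) ?? []) {
      if (t.block < arrivalBlock) continue; // funds had not arrived yet
      if (path.includes(t.to)) continue;    // do not loop through a cycle
      const next = [...path, t.to];
      if (watchlist.has(t.to)) {
        hits.push({ path: next, hops: next.length - 1, value: t.value, label: watchlist.get(t.to) });
        continue; // stop at the mixer; what happens after it is a different problem
      }
      queue.push({ addr: t.to, arrivalBlock: t.block, path: next });
    }
  }
  return hits;
}

// Usage on the constructed ledger: one path, three hops, ending at the placeholder mixer.
console.log(JSON.stringify(traceToWatchlist(TRANSFERS, "0xSEED", WATCHLIST), null, 2));
```

    The block-ordering check is the part worth copying: without it, the earlier 10-unit deposit from 0xHOP2 would be counted as part of the traced flow, and the analyst would over-attribute. Real tracing also has to handle partial amounts, token swaps and bridges, which this constructed ledger leaves out.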

    The group's history includes notorious incidents such as the $600 million Ronin (CRYPTO:RON) network hack in 2022.

    Data from Chainalysis shows that North Korean hackers stole more than $1.3 billion in crypto assets across 47 incidents in 2024, more than double the previous year's total.

    In addition to laundering activities, researchers from cybersecurity firm Socket have identified six new malicious packages deployed by the Lazarus Group to infiltrate developer environments.

    These packages target the npm (Node Package Manager) ecosystem and are designed to steal credentials, exfiltrate cryptocurrency wallet data, and install backdoors on the developer's machine.

    The payload, a variant of the BeaverTail infostealer previously tied to the group, is embedded in packages whose names mimic legitimate libraries (typosquatting).

    A developer who mistypes a dependency name, or copies it from an untrusted snippet, can install the malicious package without noticing anything unusual.

    The malware specifically targets cryptocurrency wallets, including Solana (CRYPTO:SOL) and Exodus wallets, as well as profile data stored by popular web browsers such as Google Chrome, Brave, and Firefox.
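    Typosquatting relies on a dependency name being one keystroke away from a package the developer meant to install. The following is an added example written for this page, not Socket's tooling or anything from the article: it scans a constructed package.json manifest and flags dependency names that sit within a small edit distance of a popular package, or that differ only in separator characters. The popular-package list, the sample manifest and the suspicious names in it are all constructed for the demonstration; a real deployment would compare against registry download rankings and run alongside behavioural analysis of the package contents.

```javascript
// Added example: flag dependency names that look like typosquats of popular
// packages. Names, thresholds and the sample manifest are constructed.

// Constructed stand-in for a list of high-download packages.
const POPULAR = ["lodash", "express", "react", "axios", "is-buffer", "validator", "chalk", "moment"];

// Constructed manifest: some clean names, some one-keystroke lookalikes.
const SAMPLE_MANIFEST = {
  dependencies: {
    "express": "^4.19.0",
    "lodahs": "^4.17.0",     // transposed letters of lodash
    "axios": "^1.6.0",
    "expresss": "^4.0.0",    // extra trailing letter
    "is_buffer": "^2.0.0",   // underscore instead of hyphen
    "left-pad": "^1.3.0",
  },
  devDependencies: {
    "chalk": "^5.3.0",
    "@types/node": "^20.0.0",
  },
};

// Optimal string alignment distance: insert, delete, substitute, and swap of
// adjacent characters each cost 1, so "lodahs" -> "lodash" is distance 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Treat "-", "_" and "." as interchangeable so "is_buffer" collides with "is-buffer".
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, "");
}

// Classify one dependency name against the popular list.
function classify(name, popular = POPULAR) {
  if (popular.includes(name)) {
    return { name, verdict: "ok", reason: "exact match", lookalike: name };
  }
  const norm = normalize(name);
  let best = null;
  for (const p of popular) {
    if (normalize(p) === norm) {
      return { name, verdict: "suspicious", reason: "separator-confusion", lookalike: p };
    }
    const dist = editDistance(name, p);
    if (best === null || dist < best.dist) best = { p, dist };
  }
  // Short names get a tighter threshold: one typo away is already a strong signal,
  // and allowing two on a five-letter name would flag far too many real packages.
  const maxDist = name.length >= 8 ? 2 : 1;
  if (best !== null && best.dist <= maxDist) {
    return { name, verdict: "suspicious", reason: `edit-distance-${best.dist}`, lookalike: best.p };
  }
  return { name, verdict: "ok", reason: "no close lookalike", lookalike: null };
}

// Scan dependencies and devDependencies; return only the findings worth a look.
function scanDependencies(manifest, popular = POPULAR) {
  const deps = { ...(manifest.dependencies ?? {}), ...(manifest.devDependencies ?? {}) };
  return Object.keys(deps)
    .map((name) => classify(name, popular))
    .filter((f) => f.verdict !== "ok");
}

// Usage on the constructed manifest: three findings (lodahs, expresss, is_buffer).
console.log(scanDependencies(SAMPLE_MANIFEST));
```

    A name check like this catches the lookalike trick the article describes but says nothing about what the package does once installed; pair it with a review of install scripts and network activity in a sandbox before trusting a new dependency.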

    While it remains challenging to definitively attribute these attacks to the Lazarus Group, researchers noted that the tactics observed align closely with known operations of the group.

    The ongoing use of Tornado Cash for laundering highlights concerns about cryptocurrency mixing services being exploited by cybercriminals to evade detection.

    Disclaimer

    Grafa is not a financial advisor. You should seek independent, legal, financial, taxation or other advice that relates to your unique circumstances. Grafa is not liable for any loss caused, whether due to negligence or otherwise arising from the use of, or reliance on the information provided directly or indirectly by use of this platform.

    Publisher
    Grafa