North Korean Lazarus Group Theft Spree Reaches $240 Million in 104 Days

Nefarious North Korean hacking group Lazarus has stolen practically $240 million in cryptocurrencies up to now 104 days alone.

In a report printed by blockchain surveillance agency Elliptic, Lazarus has been recognized because the perpetrator behind a sequence of main cryptocurrency hacks in latest months, with their exercise intensifying.

The newest assault attributed to Lazarus focused the worldwide cryptocurrency alternate CoinEx, leading to an estimated lack of $54 million. 

Elliptic’s evaluation revealed that funds stolen from CoinEx have been despatched to an handle beforehand utilized by the Lazarus group for laundering funds pilfered from the Drake-backed crypto on line casino Stake.com, albeit on a special blockchain. 

As reported, the FBI has recognized Lazarus as liable for the theft of $41 million from Stake.

Elliptic’s findings align with these of on-chain investigator ZachXBT, who famous on Twitter that the CoinEx hacker had inadvertently linked their handle to the Stake hack. 

The hacker subsequently transferred the stolen funds to Ethereum utilizing a bridge beforehand employed by Lazarus, earlier than shifting them to a pockets handle beneath the hacker’s management. 

A good portion of the pilfered funds originated from the Tron and Polygon blockchains.

Moreover, Elliptic found that Lazarus hackers had combined the funds with addresses related to the Stake hack and employed an handle concerned within the $100 million Atomic pockets hack in June. 

Based mostly on the blockchain exercise and the absence of proof pointing to another risk group, Elliptic concluded that Lazarus Group is the probably wrongdoer behind the CoinEx theft.

Lazarus Accountable For Extra Hacks

Latest investigations have linked Lazarus to extra hacks, together with the crypto funds platform CoinsPaid in late June and the crypto fee supplier Alphapo in July. 

Elliptic noticed a shift in Lazarus’ focus in direction of centralized platforms relatively than decentralized ones, presumably as a result of feasibility of conducting social engineering assaults towards such targets.

In response to the assault, CoinEx launched an open letter to the hackers, urging them to contact the corporate through e mail or by the blockchain to debate a bug bounty and the return of the stolen funds. 

Up to now this yr, Web3 platforms have misplaced over $1.2 billion in hacks and rug pulls, in keeping with a report from Web3 bug bounty platform Immunefi.

The report revealed a complete of 211 separate incidents contributing to this huge sum, with the month of August alone accounting for $23.4 million in losses.

The surge in losses throughout August largely contributed to initiatives hosted on the newly launched Ethereum Layer 2 Base community. 

As per the report, Ethereum confronted essentially the most important variety of assaults, with 5 distinct incidents affecting protocols constructed on the community.