
After North Korean hackers’ crypto theft, the U.S. launches legal actions


North Korean hackers linked to the notorious Lazarus Group have stolen cryptocurrencies worth $2.67 billion. The U.S. is now taking legal action against them.

Legal steps to seize the stolen cryptocurrencies

North Korean hackers associated with the Lazarus Group have stolen more than $2.67 billion in cryptocurrencies so far. The link to Lazarus is significant: the group has been known for thefts for many years and has long been on the U.S. government’s radar. In 2022, Lazarus stole $1.7 million from the unregulated trading platform Deribit, followed the next year by a heist of $970,000 from the gambling platform Stake.com. To launder the funds, the group used the mixing service Tornado Cash. That is not the full picture: according to analysis firms such as Chainalysis and TRM Labs, the hackers have stolen between $3 billion and $4.1 billion since 2017, primarily from exchanges.

Although the hackers used mixers and many different addresses to avoid detection, law enforcement agencies continued to track the funds. The U.S. government has now filed two lawsuits against the North Korean hackers with the aim of reclaiming at least $1.7 million of the stolen cryptocurrencies. Several measures have already been taken to freeze the stolen funds. For example, Tether blacklisted $374,000 in November 2023 because of its connection with Lazarus. Centralized crypto exchanges also froze an undisclosed amount of cryptocurrencies, and three of the four major stablecoin issuers blacklisted $3.4 million in the last quarter of the previous year. None of this has stopped Lazarus from remaining a threat.

The “Lazarus Lore”: the history of the North Korean hacking group Lazarus dates back to the early 2000s

The hackers are not known only as “Lazarus.” Other names, such as APT38 and Bluenoroff, are also used for the cyberattack and crypto-theft group, which is believed to have existed since 2009 or earlier. Its first high-profile attacks included the Sony Pictures hack in 2014, which involved the release of confidential data, and the 2016 Bangladesh Bank heist, in which it stole $81 million. The group now appears to focus primarily on cryptocurrencies. Its members are highly skilled and use custom tooling to achieve their goals; analysts describe their attack style as top-notch social engineering.

One particularly insidious attack occurred when a team member at Steadifi downloaded a malicious file sent over Telegram by a supposed fund manager, which gave Lazarus access to the company’s systems. In another case, the treasury management and infrastructure platform Coinshift lost over $900,000 in Ethereum (ETH). The group moves quickly, often laundering the stolen funds within minutes. Once the funds are converted into stablecoins, Lazarus uses peer-to-peer (P2P) exchanges to turn them into cash, making them difficult to trace. U.S. authorities are nonetheless determined to recover the funds; whether they will succeed remains to be seen.
