Lazarus Group Laundering Crypto Assets via Mixers Following High-Profile Hacks

On March 13, blockchain security firm CertiK alerted its X followers that it had detected a deposit of 400 ETH worth around $750,000 to the Tornado Cash mixing service.

“The fund traces to the Lazarus group’s activity on the Bitcoin network,” it noted.

The North Korean hacking group is known to be responsible for the massive Bybit exchange hack on February 21, which led to the theft of $1.4 billion in crypto assets.

Additionally, it is linked to the $29 million Phemex exchange hack in January, and has continued laundering assets since.

Lazarus has also been tied to some of the most notorious crypto hacking incidents, including the $600 million Ronin network hack in 2022.

According to Chainalysis data, North Korean hackers stole over $1.3 billion in crypto assets in 47 incidents in 2024, more than doubling thefts compared to 2023.

Lazarus Group Deploying New Malware Targeting Developer Environments

According to researchers at cybersecurity firm Socket, the Lazarus Group has distributed six new malicious packages designed to infiltrate developer environments, steal credentials, extract cryptocurrency data, and install backdoors.

The group targeted the Node Package Manager (NPM) ecosystem, which is a large collection of JavaScript packages and libraries.

Researchers discovered malware called “BeaverTail” embedded in packages that mimic legitimate libraries using typosquatting tactics or deceptive methods to trick developers.

“Across these packages, Lazarus uses names that closely mimic legitimate and widely trusted libraries,” they added.

The malware specifically targets Solana and Exodus wallets.

The attack targets files in Google Chrome, Brave, and Firefox browsers, as well as keychain data on macOS, particularly targeting developers who may unknowingly install the malicious packages.

The researchers noted that while attributing the attack definitively to Lazarus is difficult, “the tactics, techniques, and procedures observed in this npm attack closely align with Lazarus’s known operations.”

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Lazarus Group Sends 400 ETH to Tornado Cash appeared first on Coin Engineer.