Lazarus Evading Authorities: Blockchain and Laundering $200M

• Lazarus Group uses platforms like Tornado Cash to obscure the origins of stolen funds.
• Takes advantage of P2P platforms and OTC trading. 
• One OTC trading desk was indicted for facilitating payments to North Korea. 

One of the standout features of blockchain tech is its transparency, as it records all transactions on a public ledger, accessible to anyone. This visibility deters fraud and builds trust, and it has, in the past, helped authorities fight financial crime.  

However, the activities of the North Korean Lazarus Group hackers demonstrate that these features are open to manipulation. The hackers managed to launder some $200 million in crypto in a series of highly sophisticated technical maneuvers. 

Read More

Lazarus Group’s Advanced Crypto Laundering Techniques

On Monday, April 29, the on-chain investigator ZachXBT revealed the sophisticated techniques North Korean Lazarus Group hackers used by the group to launder at least $200 million in stolen assets. 

ZachXBT has reported that the Lazarus Group’s criminal activities have advanced considerably over time. Originally, the group used spear-phishing and software vulnerabilities to infiltrate network systems, allowing them to steal their funds. After the thefts, the group would initiate a sophisticated set of operations to mask the origin of the funds. 

One of the primary methods Lazarus uses to launder stolen cryptocurrency is through services like Tornado Cash. These decentralized platforms mix illicit funds with legitimate crypto, greatly obscuring the source and making it difficult for law enforcement to trace.

Post-mixing, they converted the funds into stablecoins such as USDT (Tether), which are more stable in price. The laundered stablecoins are then moved to peer-to-peer (P2P) platforms and over-the-counter (OTC) trading desks. These platforms are often less regulated than traditional exchanges, giving a cover to the hacking group. 

Lazarus Group Exploited OTC Trading Desks

Finally, the crypto is exchanged for fiat currency. This step often involves collusion with corrupt or less-regulated OTC traders who can facilitate large-volume trades without triggering regulatory oversight. This lack of transparency makes it difficult for regulatory bodies to track and monitor transactions.

Specifically, ZachXBT suggests that the hackers used China-based OTC trader Wu Huihui, who was indicted for facilitating payments for North Korea. This indicates that the Lazarus Group collaborates with traders who are either part of the scheme or are willing to overlook the origins of the funds for profit. 

These traders play a crucial role in the final step of the laundering process by providing access to the traditional banking system. This is the last step before the group can access fiat money and a crucial step in the laundering process. 

On the Flipside

• While blockchain transactions can be circumvented, its basic architecture makes it difficult to obscure transactions for long.  
• Cash remains the preferred method for illegal transactions, offering anonymity far beyond crypto mixers. 

Why This Matters

Lazarus Group’s laundering techniques show that sophisticated actors can use crypto payments for illicit transactions. However, the case also shows just how difficult this operation is. Moreover, the fact that a blockchain investigator managed to track these transactions shows that transactions on the blockchain can’t remain untraced for long. 

Read more about the latest scheme used by the Lazarus Group: 
Beware: Lazarus Hackers Target Crypto Industry via LinkedIn

Read more about the Jellyverse’s entry into the Sei Network: 
Jellyverse Joins Sei Network to Bring DeFi 3.0 to Mainstream