- Lazarus Group transferred 400 ETH ($750,000) to Tornado Cash and laundered $2.91 billion through THORChain within the last five days.
- They have also infected the NPM ecosystem with a harmful packages like “BeaverTail” to steal credentials and access crypto wallets
Lazarus Group, linked to North Korea, continues to launder crypto by moving different tokens and using fresh malware to attack developers and steal digital assets.
On March 13, a blockchain security company, CertiK shared a post on their X account stating that they detected a deposit of 400 ETH, which is valued at about $750,000, into Tornado Cash.
The funds transferred were linked to Lazarus Group’s activities on the Bitcoin network. The North Korean hacking organization has been involved in various crypto breaches, including the $1.4 billion Bybit attack in February.
Lazarus Group’s Use of Malware and Crypto Laundering Techniques
Another cybersecurity firm has also found out that Lazarus Group released six harmful packages to infect developer systems, steal their credentials, access crypto data, and install hidden access points.
According to the firm, the hackers targeted the Node Package Manager (NPM) ecosystem, which contains many JavaScript libraries. A particular Malware named “BeaverTail” was embedded in packages designed to look like real ones using typosquatting techniques to trick developers.
So in simpler terms, The hackers attacked the NPM, a place with many JavaScript tools and hid a bad program called “BeaverTail” inside fake files to fool developers.
After the attack, the group tried to hide the stolen assets through different methods, including using THORChain, a decentralized exchange that does not need any identity verification.
Reports show that within five days, about $2.91 billion passed through THORChain, which made it so difficult to track and recover the stolen funds.
Lazarus Group has been scamming different crypto founders with fake Zoom calls. They pose as investors, send false meeting links and claim there are sound problems. Once the victims download a supposed fix, the malware infects their whole device. Most malware targets crypto wallets, especially Solana and Exodus.
Security experts say many have fallen for this trick. Chainalysis reports that the Lazarus Group has stolen over $1.3 billion in crypto from 47 attacks in 2024, more than twice the amount they stole in 2023.
Related Reading | Avalanche Price Faces 24% drop: ETF Approval to Help Conditions