TronWeekly

Crypto World News

You are here: Home / Archives for Lazarus Group

Lazarus Group

eXch Exchange To Shutdown on May 1 Over Accusations of Lazarus Group Ties

by

Privacy-driven eXch halts operations after being accused of laundering funds for Lazarus Group from the $1.4B Bybit hack.

  • eXch to shut down on May 1 due to money laundering allegations.
  • Lazarus Group allegedly used eXch to launder $35 million.
  • Bybit recovers 89% of stolen funds after the $1.4 billion hack.

The privacy-focused cryptocurrency exchange eXch will shut down on May 1 due to money laundering accusations. eXch decided to shut down because it was accused of laundering stolen funds from the $1.4 billion Bybit hack.

eXch Exchange Announces Crypto Business Closure

The eXch team, in an statement, announced “cease and retreat” from their operations because of the accusations. The team stated that the shutdown decision followed a rumoured “”transatlantic operation” which aims to shut down the platform. The investigation claims that North Korean hackers Lazarus Group used eXch to launder $35 million from the Bybit hack.

The Czech-based exchange stressed on its position as a privacy-oriented exchange which implements minimal Know-Your-Customer (KYC) requirements. It denied plans to support criminal transactions and calrified that it an experimental project rather than a  profit-based business. Critics have labelled eXch as a “mixer” but the platform clarified that it was an instant exchange.

The exchange obtained the information from its contacts within the “state intelligence sector.” The team confirmed that the exchange was under investigation for crypto asset laundering activities. However, eXch reinforces its commitment to protect user privacy.

$1.4B Bybit Hack

The Bybit hack is one of the largest cryptocurrency thefts in history with more than  $1.4 billion in stolen funds. The hackers withdrew the stolen funds but Bybit continued to serve its customers. Bybit’s CEO Ben Zhou assured the customers that the company could compensate for the losses if the stolen funds were not recovered.

Bybit had reclaimed its lost market share as of April 10 and experts estimate that 89% of stolen funds could be traceable. The exchange has initiated protocols to freeze on substantial amounts of the stolen funds with the support of bounty hunters who received over $2 million in rewards. The exchange suffered a major financial blow from the hack despite efforts to recover the stolen assets. 

The eXch closure demonstrates the increased scrutiny on privacy-focused crypto platforms. eXch faced increased scrutiny from became law enforcement agencies and regulatory bodies. The exchange’s management expressed displeasure over being targeted by intelligence agencies despite their compliance to transparency and privacy protection standards.

Lazarus Group Reportedly Gains $2.51M from Selling WBTC

by

  • The notorious Lazarus Group from North Korea has allegedly made a profit of $2.51 million by selling 40.78 Wrapped Bitcoin for 1,847 Ethereum after holding it for nearly two years.
  • The group has actively been laundering stolen crypto, moving about 500,000 ETH, which is worth $1.39 billion, from the Bybit hack within 10 days to THORChain to process transactions.

The notorious Lazarus Group from North Korea has allegedly earned $2.51 million by selling 40.78 Wrapped Bitcoin that they bought two years ago.

According to SpotOnChain data, a wallet linked to the North Korean hacker group Lazarus recently sold 40.778 Wrapped Bitcoin for 1,847 Ethereum, which is worth $3.51 million. After the transaction, 2.507 ETH was divided into three wallets, with transfers of 205 ETH, 500 ETH, and 1,865 ETH sent to another address connected to the group.

Their purchase could be traced back to February 2023; the group used about 999,900 USDT to purchase 40.78 WBTC, where one had an average price of $24,521. Since then, Wrapped Bitcoin has continued to rise and has gone up over 240%.

As of the time of writing, WBTCUSD is trading at $83,138, and when they sold, one was valued at an average of $86,170, allowing the wallet to secure a $2.51 million profit, which is a whopping 251% gain after holding for nearly two years.

Within the last 24 hours, wrapped Bitcoin (WBTCUSD) has seen a 24-hour trading volume of $379.28 million, with its value moving between $82,211 and $87,635 within this trading period. The token reached an all-time high of $108,368 on January 20, 2025, with its lowest point being $3,139.17 on April 2, 2019.

Lazarus Group’s Blockchain Transactions

Onchain crypto analysts had been watching the movement of all wallets linked to the Lazarus group, especially after the huge Bybit hack. 

The group has been moving different stolen cryptocurrencies by converting them into different tokens and spreading them across multiple addresses. On March 4, it reportedly laundered almost 500,000 ETH, worth $1.39 billion, from the Bybit hack in just 10 days. THORChain, a decentralized platform, processed about $605 million of this laundered money in a single day.

Related Reading | Ripple Launches RLUSD Stablecoin on Kraken, XRP Price Dips

Lazarus’ $1.12B Bitcoin Hoard: Bybit Hack to Crypto Empire

by

  • Lazarus converted stolen $ETH to 13,562 $BTC ($1.12B) after the Bybit hack, as tracked by Arkham.
  • The group deployed “BeaverTail” malware via NPM, targeting developers to steal crypto credentials.
  • Lazarus launched fake Solana meme coins on Pump.fun, using the platform to launder stolen funds.

Lazarus, the infamous hacker group, has continued to astound investigators after the daring $1.4 billion Bybit hack and memecoin scams. On-chain sleuths has recently traced the trail of the stolen funds, representing sophisticated financial maneuvering despite international sanctions.

Arkham, a blockchain analytics platform, found that Lazarus converted the stolen ETH into Bitcoin, after the Bybit hack. Currently, it hold a total of 13,562 BTC worth roughly $1.12 billion. Hackers often employ this common tactic to condeal the paths of the stolen assets as BTC is relatively more liquid and is widely accepted.

Lazarus
Source: Arkham

This makes North Korea the third-largest state Bitcoin holder, trailing only the US and UK. The rogue nation has leveraged cybercrime to become a major sovereign bitcoin holder—surpassing legitimate state actors like El Salvador and Bhutan.

What’s more concerning is that its state backed hacker group have moved beyond basic illegal access. They have now been found to unleash six harmful packages to infect developer systems, steal their credentials, access crypto data, and install hidden access points. 

As reported by TronWeekly, the hackers’ main target was the Node Package Manager (NPM) ecosystem, which housed many important JavaScript libraries. They embedded a Malware named “BeaverTail” in packages to mimic their real counterparts using typosquatting techniques to fool developers. 

“Lazarus hits npm again. Six new malicious packages target developers, stealing credentials and deploying backdoors.”

Lazarus Group’s Evolving Cyber Tactics

After the attack, the group even tried to hide the stolen assets through different methods, including using THORChain, a decentralized exchange that does not need any identity verification.

Broadening their attack, Lazarus also launched fake meme coins through Solana-based Pump.fun. Cyber experts have observed how cybercriminals utilized the platform to cover up the source of their stolen money. The exchanged funds were then moved to different exchanges, which makes tracking and detection increasingly challenging.

Noted crypto investigator ZachXBT retained undisclosed to prevent interference, however, ZachXBT validated the release of wallets from analytics tools.

Lazarus Group Transfers 400 ETH and Launches New Cyber Attacks

by

  • Lazarus Group transferred 400 ETH ($750,000) to Tornado Cash and laundered $2.91 billion through THORChain within the last five days.
  • They have also infected the NPM ecosystem with a harmful packages like “BeaverTail” to steal credentials and access crypto wallets 

Lazarus Group, linked to North Korea, continues to launder crypto by moving different tokens and using fresh malware to attack developers and steal digital assets.

On March 13, a  blockchain security company, CertiK shared a post on their  X account stating that they detected a  deposit of 400 ETH, which is valued at about $750,000, into Tornado Cash.

The funds transferred were linked to Lazarus Group’s activities on the Bitcoin network. The North Korean hacking organization has been involved in various crypto breaches, including the $1.4 billion Bybit attack in February.

Lazarus Group’s Use of Malware and Crypto Laundering Techniques 

Another cybersecurity firm has also found out that Lazarus Group released six harmful packages to infect developer systems, steal their credentials, access crypto data, and install hidden access points. 

According to the firm, the hackers targeted the Node Package Manager (NPM) ecosystem, which contains many JavaScript libraries. A particular Malware named “BeaverTail” was embedded in packages designed to look like real ones using typosquatting techniques to trick developers. 

So in simpler terms, The hackers attacked the NPM, a place with many JavaScript tools and hid a bad program called “BeaverTail” inside fake files to fool developers.

After the attack, the group tried to hide the stolen assets through different methods, including using THORChain, a decentralized exchange that does not need any identity verification. 

Reports show that within five days, about $2.91 billion passed through THORChain, which made it so difficult to track and recover the stolen funds.

Lazarus Group has been scamming different crypto founders with fake Zoom calls. They pose as investors,  send false meeting links and claim there are sound problems. Once the victims download a supposed fix, the malware infects their whole device. Most malware targets crypto wallets, especially Solana and Exodus.

Security experts say many have fallen for this trick. Chainalysis reports that the Lazarus Group has stolen over $1.3 billion in crypto from 47 attacks in 2024, more than twice the amount they stole in 2023. 

Related Reading | Avalanche Price Faces 24% drop: ETF Approval to Help Conditions

Bybit Launches $140M Recovery Bounty Program After Record $1.4B Crypto Hack

by

  • Bybit launches a $140M bounty program after a $1.4B hack by Lazarus Group.
  • Recovery efforts yield $43M in cmETH tokens, marking progress in Bybit’s $1.4B hack.
  • Tether freezes $181K in USDT linked to Bybit’s $1.4B hack as recovery continues.

Bybit, the world’s second-largest cryptocurrency exchange by trading volume, has introduced a Recovery Bounty Program following a massive security breach on February 21, 2025. The initiative offers 10% of recovered funds, potentially up to $140 million, to ethical cybersecurity experts and blockchain analysts who assist in retrieving assets stolen in the incident. The record-breaking crypto theft in history resulted in the theft of $1.4 billion in cryptocurrencies, mostly Ether, which was lost.

Bybit reacted immediately upon discovering the hack by securing its systems and engaging with industry experts to prevent additional damage. CEO Ben Zhou of Bybit asserted that the stolen funds mainly included staked Ether (ETH) and other ERC-20 tokens stored in an Ethereum cold wallet. However, the company managed to handle over 350,000 withdrawal requests within a few hours after the massive loss while maintaining its operational capabilities for its users. 

Industry Unites to Combat Lazarus Group’s Attack

Through this exchange program, the organization seeks to utilize worldwide crypto expertise to track down stolen funds. Bybit’s CEO, Ben Zhou announced the program launch while stressing his commitment to working with industry partners.

image 236
Source: X

Blockchain investigators, including ZachXBT and Arkham Intelligence, linked the attack to the North Korean-affiliated Lazarus Group. This group, known for high-profile hacks like the Ronin Bridge and Harmony Horizon incidents, moved 10,000 ETH, worth $27 million, to a wallet labeled “Bybit Exploiter 54” on February 22, 2025. Analysts tracked the funds across 53 wallets revealing active laundering attempts through mixers like eXch and bridges like ChainFlip.

Crypto operators from different sectors supplied their backing. Bitget moved 40,000 ETH funds worth $105 million from its reserve accounts to strengthen Bybit’s cash flow operations. Tether froze USDT funds worth $181,000 linked to the hack, while Chainalysis, Zero Shadows and other firms offered investigation and tracking assistance. The industry shows its commitment to fighting skilled threats through joint defense operations.

Recovery Efforts Yield Early Results Amid Ongoing Challenges

Mantle’s mETH Protocol implemented recovery measures successfully by recovering 15,000 cmETH tokens worth $43 million on February 22, 2025. Recently, Bybit spent $100 million USDT to purchase 36,893 ETH at $2,711 per ETH through over-the-counter trades with Galaxy Digital and FalconX, bolstering liquidity. 

Furthermore, After the crisis, Bybit received high praise when former Binance CEO Changpeng Zhao acknowledged Zhou’s transparent communication approach. Auditor Hacken also confirmed that the exchange holds bridge loans which cover losses while maintaining reserves that exceed liabilities.

image 237
Source: Hacken

However, challenges persist. The cyber attack caused a total outflow of $5.5 billion which included stolen money and mass withdrawal of user funds. Bybit remains active in investigating the cause of the breach, with a primary focus on security weaknesses in its Safe Cold Wallet system. Zhou disclosed conferring with the Ethereum Foundation about blockchain solutions, but no decision regarding rollback occurred because of the complexity and necessary community support.

$60 Million: Lazarus Group’s Railgun Laundering Surge Revelation

by

The Lazarus Group, a notorious cyberhacking collective with ties to North Korea, once again made headlines in June 2022 with a brazen attack on Harmony’s Horizon Bridge. The FBI recently confirmed what many suspected: the Lazarus Group was indeed behind the audacious hack that siphoned off a staggering $99.7 million.

This revelation validates earlier assertions by Elliptic, who was the first to point the finger at North Korea following the discovery of striking similarities between the Horizon Bridge hack and Lazarus Group’s past exploits, particularly in blockchain laundering techniques.

The Harmony blockchain’s Horizon Bridge, designed to facilitate cross-chain transactions, fell victim to the Group’s sophisticated tactics, exploiting vulnerabilities exacerbated by its over-centralized nature. This vulnerability to social engineering attacks provided the perfect opening for the hacker group’s calculated assault.

Following the heist, the Lazarus Group utilized Tornado Cash, an Ethereum-based mixer, to obfuscate the illicitly obtained funds. However, their reliance on this method proved short-lived as the US Treasury swiftly sanctioned Tornado Cash in response to its complicity in aiding the cybercriminal activities of the Lazarus Group.

Tracking the Culprits: Lazarus Group’s Crypto Journey

Elliptic’s meticulous research uncovered the intricate web of transactions orchestrated by the Lazarus Group, leading to the eventual tracing of stolen funds through Tornado Cash. Subsequent movement of funds through Railgun, a privacy-based DeFi protocol, underscored the group’s adaptability in the face of sanctions.

Screenshot 176
Source

However, the efficacy of Railgun as a laundering tool was called into question as Elliptic’s analysis revealed that a significant portion of funds from the Harmony hack could be traced back, highlighting the limitations of mixing services when dealing with disproportionately large transfers.

In a bid to launder the tainted funds further, the Lazarus Group attempted to deposit them into various cryptoasset exchanges. Fortunately, vigilant exchanges like Binance and Huobi intercepted and seized a portion of these funds, underscoring the importance of robust blockchain analytics solutions in thwarting illicit activities.

The Harmony Bridge hack serves as a stark reminder of the ever-evolving landscape of cyber threats and the critical role of proactive measures in safeguarding against nefarious actors like the Lazarus Group. As authorities continue to crack down on illicit activities in the crypto sphere, vigilance remains paramount in preserving the integrity of blockchain ecosystems.

North Korea’s $3 Billion Crypto Scandal Unearthed by UN Report

by

The United Nations has sounded an alarm, highlighting a disturbing correlation between North Korea and cyber-attacks, with cryptocurrency emerging as a favored tool in their arsenal. According to a report cited by the South Korean Yonhap news agency, North Korea derives over 50% of its foreign currency through cybercrime, with cryptocurrency hacking alone contributing a staggering $3 billion to their coffers.

The UN report sheds light on the substantial investments funnelled by state-sponsored cyber thieves into digital assets, with up to 40% of these funds allegedly diverted towards the development of weapons of mass destruction (WMD). This revelation underscores the urgent need for robust response mechanisms to combat such threats effectively.

One of the most alarming findings of the report is the involvement of North Korean hackers in numerous cryptocurrency heists, with the UN Security Council identifying 58 cyber-attacks on the blockchain ecosystem between 2017 and 2023, amounting to a total loss of $3 billion. These figures highlight the imperative for decisive action to mitigate the risks posed by North Korea’s cyber warfare capabilities.

Combatting Cyber Threats: The Role of Crypto in Security

While the report itself lacks the authority to enforce sanctions, it serves as a clarion call for collective action. Discussions within the Security Council revolve around implementing measures to hold entities complicit in North Korea’s cybercrimes accountable. However, the road to accountability remains fraught with challenges, compounded by North Korea’s steadfast denial of the allegations.

The gravity of the situation cannot be overstated, especially considering the recurring involvement of state-sponsored actors like the Lazarus group in cyber-attacks. Addressing this threat is paramount for international security agencies, given that nearly half of North Korea’s foreign income is derived from illicit cyber activities.

In conclusion, the UN’s report underscores the critical need for a concerted global effort to combat cyber threats emanating from North Korea. As the international community grapples with the implications of state-sponsored cyber warfare, proactive measures must be taken to safeguard against future attacks and hold perpetrators accountable. Failure to do so could have far-reaching consequences for global security and stability.

Web3 & Crypto Security Crisis: $1.8 Billion Loss, Shocking Trends

by

Immunefi’s 2023 Annual Report has shed light on the state of security in the Web3 and crypto ecosystem, unveiling a series of alarming statistics and trends. A total of 319 instances, combining successful and semi-successful hacking attempts, as well as alleged fraud, were identified, resulting in a staggering overall loss of $1,803,050,600 throughout the year. The third quarter of 2023 emerged as the most turbulent period, with losses reaching unprecedented levels, totaling over $340 million in September alone. 

image 108

94.3% Of Crypto Losses Attributed To Hacks

Hacks took center stage, comprising 94.3% of the total losses, while frauds, scams, and rug pull accounted for a mere 5.7%. Notably, the Lazarus Group, infamous for high-profile attacks, was responsible for $308,600,000, representing 17% of the total losses in 2023.

image 106

The report highlighted that DeFi remained the primary target of successful exploits, constituting 77.3% of the attacks. BNB Chain surpassed Ethereum as the most targeted chain, suffering 133 incidents, while Ethereum witnessed 95 incidents. The total number of incidents spiked by 89.8% YoY, reaching 319 in 2023, showcasing the escalating sophistication of hacking attempts.

Despite the alarming surge in hacking attempts, the total losses in 2023 represented a 54.2% decrease compared to the previous year, amounting to $3,948,856,037. Notably, $241,701,085 of stolen funds were successfully recovered in 19 instances, constituting 13.4% of the total losses.

image 107

Mitchell Amador, Founder and CEO at Immunefi, remarked:

In 2023, despite a reduction in overall losses compared to the previous year, the Web3 sector experienced a substantial surge in hacking attempts and fraud incidents, with the frequency of such cases nearly doubling. 

Looking ahead to 2024, the report predicts continued growth in new protocols and projects within the Web3 space. With cryptocurrency prices on the rise, the sector may witness unprecedented losses. The persistent challenges related to project infrastructure are expected to remain a significant source of vulnerabilities. 

While DeFi may see increased individual attacks, organized groups are projected to shift focus to CeFi projects, driven by the potential for outsized returns. The battle for cybersecurity in the Web3 ecosystem continues to evolve, posing new challenges for the industry.

Related Reading | Indonesia Tightens Grip, Crypto Exchanges Face Registration Deadline: Report

North Korea’s Cryptocurrency Heists: A Persistent Threat

by

In the world of cryptocurrencies, 2023 seems to bring some good news: crypto thefts by North Korean bad actors have plummeted by a staggering 80% compared to the previous year, down from a jaw-dropping $1.7 billion in 2022 to $340.4 million. However, it’s vital to interpret these statistics with caution.

Blockchain forensics firm Chainalysis released a report on September 14, cautioning against hasty optimism. They emphasized that the reduction in stolen funds shouldn’t be viewed as a sign of improved security or diminished criminal activity. Instead, it serves as a stark reminder of the exceptionally high benchmark set in 2022.

faca4d9f b87f 4d28 a57c 7ed037fbf7c3
Source: Chainalysis

Chainalysis noted,

“In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.”

Recent events corroborate this concern. Over the past ten days, North Korea’s Lazarus Group orchestrated two separate hacks: one targeting Stake, resulting in a $40 million loss on September 4, and another targeting CoinEx, which led to a $55 million loss on September 12. These incidents alone accounted for over $95 million in losses.

Crypto Defenses: Guarding Against Social Engineering

Shockingly, North Korea-linked attacks have constituted around 30% of all cryptocurrency funds stolen through hacks this year, according to Chainalysis.

Erin Plante, Chainalysis’ Vice President of Investigations, expressed her concerns, emphasizing that Lazarus continues to be a prolific crypto thief, and the national security threat posed by North Korea only adds to the worry.

To bolster defenses against these relentless attacks, cryptocurrency companies need to educate their employees on countering social engineering tactics often deployed by hacker groups. These tactics exploit human nature’s trust and carelessness to infiltrate corporate networks.

Simultaneously, Chainalysis revealed another troubling trend. North Korean hackers have increasingly relied on Russian-based exchanges to launder illicit funds in recent years. This partnership has been in place since 2021 and has involved substantial sums of money, including $21.9 million from Harmony’s $100 million bridge hack in June 2022.

Furthermore, the Lazarus Group has utilized United States-sanctioned cryptocurrency mixers like Tornado Cash and Blender in high-profile hacks, including the Harmony Bridge hack. This added layer of obfuscation complicates efforts to trace and recover stolen funds.

Recognizing the grave implications of these cybercrimes, the United Nations is actively working to curtail North Korea’s illicit activities on the international stage, as there is strong evidence suggesting that the stolen cryptocurrency funds are being used to support the country’s nuclear missile program.

In conclusion, while the reduced amount of cryptocurrency stolen by North Korean hackers in 2023 may offer a brief respite, it should not lead to complacency. The crypto world remains susceptible to sophisticated attacks, and vigilance, education, and international cooperation are crucial to mitigating this persistent threat. Moreover, increased smart contract audits may provide a valuable additional layer of security in the ongoing battle against cybercriminals.

South Korea’s Crypto Crackdown: Pursuing Illicit North Korean Funds

by

South Korea’s government is intensifying its efforts with legislation designed to trace and freeze North Korean cryptocurrency and virtual assets funneled into Pyongyang’s illicit weapons program. The story, initially reported by a local media outlet, cites confidential government sources who reveal that this move aims to overhaul the nation’s cybersecurity framework.

Anonymous insiders also divulge that the administration plans to amend the original bill proposed by the National Intelligence Service [NIS] in November 2022. The revisions will include new provisions to actively “trace and neutralize” cryptocurrency and other virtual assets acquired by North Korea through hacking and other unlawful means.

In addition to this cybersecurity legislation, there are reports that the South Korean government is contemplating the creation of a national cybersecurity committee directly under the president’s purview. This committee would implement a range of measures to fortify the country’s defenses against cyberattacks originating from foreign entities. The leadership of this committee, as per the report, would be entrusted to the chief of the National Security Office and would include the director of the NIS.

A recent report from South Korea’s National Intelligence Service underscores the ongoing threat posed by cyberattacks in the cryptocurrency space. Over a period of six months, North Korean hackers managed to accumulate an illicit fortune of approximately $180 million, highlighting the gravity of the situation.

The illicit activities of North Korea’s cyber community, notably the infamous Lazarus Group, have become a worldwide concern. This group has been responsible for numerous high-profile cryptocurrency breaches, including the massive $600 million hack of Ronin, the blockchain supporting the popular play-to-earn game Axie Infinity, which occurred last year.

South Korea Launched An Interagency Investigation

In June, South Korea established an interagency investigation unit to combat crypto-related crimes in response to a surge in illegal activities in the market and the absence of legal protections for investors. The nation’s cryptocurrency market, once one of the world’s fastest-growing, experienced a 66% decline in market capitalization last year due to a series of global and domestic events that dampened investor sentiment.

Domestic factors included a crash of the so-called stablecoin TerraUSD and its counterpart Luna in May 2022, leading to public outrage over alleged fraud by Do Kown, the developer of the currencies. Kown, a global fugitive, was apprehended in Montenegro and faces fraud charges in the United States.

Reuters further revealed that suspected crime-related transactions across local cryptocurrency exchanges surged by a staggering 1,263%, increasing from 66 in 2021 to 900 in 2022.