Lazarus Group Moves $3.76M Bitcoin to Multiple Wallets

The Lazarus Group, a North Korean state-affiliated hacking syndicate, has recently made news by transferring significant Bitcoin. On-chain data shows that Lazarus Group moved $3.76 million worth of Bitcoin to several unknown addresses, bringing their total to 13,441 BTC, which is worth about $1.15 billion.

Lazarus Group Laundering Scheme is Becoming Alarming

On March 20, Lazarus Group made a significant transaction by sending 12.929 BTC (about $1.12 million) to an unknown wallet. 

They also targeted four other wallets, each receiving a different amount. Two unknown wallets received 0.308 BTC each, one received 14.849 BTC, and the last received 15.684 BTC. Lazarus moved 44.07 BTC to five different wallet addresses within three hours.

This transaction undoubtedly shows that the Lazarus group is still laundering stolen cryptocurrency. Ben Zhou, Bybit’s CEO, commented on the situation, saying that the hackers might be using Bitcoin mixers to hide the origin of the funds. 

Meanwhile, the notorious Lazarus Group has been behind some of the biggest cyber attacks recently. This group often targets cryptocurrency exchanges, financial institutions, and government organizations. It holds a lot of Bitcoin and uses advanced methods to hide its actions and avoid detection.

New Lazarus Malware Targets Developers and Wallets

In addition to laundering stolen funds, the Lazarus Group launched a new malware campaign. 

Researchers discovered six malicious packages to infiltrate developer environments, steal credentials, extract crypto data, and install backdoors. The group’s latest attack method exploits the Node Package Manager (NPM) ecosystem, which JavaScript developers widely use. 

Hackers deceive developers into unknowingly downloading infected dependencies by employing typosquatting techniques–creating package names that closely resemble legitimate libraries. 

These malicious packages contained a new strain of malware, “BeaverTail.” The malware attempts to attract sensitive files from Google Chrome, Brave, and Firefox browsers while compromising macOS keychain data.

Lazarus Group Remains a Threat

It is worth noting that the Lazarus Group allegedly uses the stolen money to help North Korea’s weapons programs. The group has taken millions from significant crypto exchanges. In late June 2024, Alex Lab linked a $4M crypto hack to the notorious hacking group. In 2020, they attacked KuCoin and stole around $275 million.

Similarly, the bad actors hacked the Ronin Network in 2022 and withdrew over $625 million worth of crypto assets. That same year, they stole nearly $100 million from Harmony’s Horizon Bridge. Authorities and blockchain firms are working hard to close these gaps.