Nefarious North Korean hacking group Lazarus has been responsible for stealing an astonishing $240 million in cryptocurrencies in just the past 104 days. The extent of Lazarus’s activities was revealed in a report published by blockchain surveillance firm Elliptic, which highlighted a series of major cryptocurrency hacks in recent months.
The most recent attack attributed to Lazarus targeted the global cryptocurrency exchange CoinEx, resulting in an estimated loss of $54 million. Elliptic’s analysis uncovered that the funds stolen from CoinEx were sent to an address previously used by the Lazarus group for laundering funds stolen from the crypto casino Stake.com, albeit on a different blockchain. The FBI has already identified Lazarus as the culprit behind the $41 million theft from Stake.
Additionally, on-chain investigator ZachXBT noticed on Twitter that the CoinEx hacker had inadvertently linked their address to the Stake hack. The hacker then transferred the stolen funds to Ethereum using a bridge previously employed by Lazarus, before moving them to a wallet address under their control. A significant portion of the stolen funds was traced back to the Tron and Polygon blockchains.
Furthermore, Elliptic discovered that Lazarus hackers had mixed the stolen funds with addresses associated with the Stake hack and had also used an address involved in the $100 million Atomic Wallet hack in June. Based on the blockchain activity and the absence of evidence pointing to any other threat group, Elliptic concluded that Lazarus Group is likely behind the CoinEx theft.
In recent investigations, Lazarus has been connected to additional hacks, including those targeting the crypto payments platform CoinsPaid in late June and the crypto payment provider Alphapo in July. Elliptic observed a shift in Lazarus’s focus towards centralized platforms, possibly due to the feasibility of conducting social engineering attacks against such targets.
In response to the CoinEx attack, the exchange released an open letter to the hackers, urging them to contact the company via email or through the blockchain to discuss a bug bounty and the return of the stolen funds. This approach highlights the growing trend among targeted platforms to negotiate with hackers for the return of stolen assets, rather than solely relying on law enforcement.
The CoinEx theft is just one example of the increasing wave of hacks and rug pulls that have plagued the Web3 ecosystem this year. As reported by Web3 bug bounty platform Immunefi, Web3 platforms have lost over $1.2 billion in such incidents, with 211 separate cases contributing to this massive sum. The month of August alone accounted for $23.4 million in losses.
The surge in losses during August was mainly attributed to projects hosted on the newly launched Ethereum Layer 2 Base network. Ethereum faced the largest number of attacks, with five distinct incidents affecting protocols built on the network. This highlights the ongoing need for robust security measures within the cryptocurrency and blockchain industry to protect user funds and maintain trust in the ecosystem.
The Lazarus Group’s brazen activities and success in stealing substantial amounts of cryptocurrencies raise concerns about the evolving tactics and capabilities of hacking groups. Their ability to infiltrate exchanges and launder stolen assets poses a significant threat to the security and stability of the cryptocurrency market. It also underscores the importance of comprehensive security measures and ongoing cooperation between cybersecurity firms, law enforcement agencies, and cryptocurrency platforms to mitigate the risk of such attacks.
As the cryptocurrency industry continues to grow and gain more mainstream adoption, it is imperative to prioritize cybersecurity and implement stringent measures to protect user funds and maintain the integrity of the ecosystem. Collaboration between industry stakeholders is crucial in staying one step ahead of hackers and ensuring a safe and secure environment for all participants in the digital economy.