North Korea’s Lazarus Group Strikes Again With $3.2 Million Scam

North Korea-linked hackers are ramping up attacks on the cryptocurrency sector, with recent investigations pointing to the Lazarus Group’s evolving methods.

On-chain analyst ZachXBT has revealed a string of incidents tied to the regime’s cyber operations. These incidents include the use of fake developer profiles and complex laundering strategies.

Lazarus Hackers Steal Millions as North Korea Intensifies Crypto Attacks

On June 29, Zachxbt reported that the Lazarus Group scammed a user out of $3.2 million in digital assets on May 16.

The stolen funds were quickly converted from Solana to Ethereum. The hacker then deposited 800 ETH into Tornado Cash, a privacy protocol that obscures cryptocurrency transactions.

At the time of reporting, an estimated $1.25 million remains in an Ethereum wallet holding DAI and ETH.

Meanwhile, this attack is just one in a series of activities by the Lazarus Group, which increasingly targets high-value crypto assets.

On June 27, ZachXBT linked the group to a significant exploit affecting multiple NFT projects associated with Matt Furie, the creator of Pepe. The attack also impacted projects like ChainSaw and Favrr.

This series of attacks, which began on June 18, allowed the hackers to take control of several NFT contracts. They then minted and dumped NFTs, stealing an estimated $1 million from these projects.

ZachXBT’s investigation revealed that the hackers moved the stolen funds across three wallets. Eventually, they converted some of the ETH into stablecoins and transferred them to MEXC, a centralized exchange.

Meanwhile, the pattern of stablecoin transfers, tied to a specific MEXC deposit address, suggests that the attackers engaged in multiple crypto projects.

Moreover, the analysis uncovered links to GitHub accounts with Korean language settings and time zones consistent with North Korean activity.

“Other indicators revealed from internal logs point out irregularities in a suspected DPRK IT workers resume. Why would a developer who claims to be living in the US have a Korean language setting, Astral VPN usage, and have an Asia/Russia time zone?,” ZachXBT wondered.

In Favrr’s case, investigators suspect the project’s chief technology officer, Alex Hong, of being a North Korean IT worker. ZachXBT also reported that Hong’s LinkedIn profile was recently deleted, and his work history could not be verified.

Indeed, these incidents highlight North Korea’s ongoing role in cryptocurrency theft. Blockchain analysis firm TRM Labs recently linked the country’s hackers to nearly $1.6 billion in stolen funds, accounting for about 70% of all stolen crypto assets this year.