Elliptic, the blockchain monitoring company, released a report on Friday that provides insight into the actions of the infamous North Korean hacking group Lazarus. The group has significantly increased its activity, recording a sum of $204 million in just 15 weeks.
Lazarus has been associated with five significant cryptocurrency breaches in the last quarter. The most recent victim is CoinEx, a worldwide cryptocurrency exchange, which was compromised earlier this week, resulting in an estimated theft of $54 million. In total, Elliptic’s calculations indicate that Lazarus has stolen nearly $240 million in cryptocurrencies in the past 105 days alone.
“Elliptic analysis confirms that some of the funds stolen from CoinEx were sent to an address which was used by the Lazarus group to launder funds stolen from Stake.com, albeit on a different blockchain,” wrote Elliptic.
Five Attacks In 15 Weeks
- On June 3, 2023, users of Atomic Wallet, a decentralized cryptocurrency wallet with non-custodial features, experienced losses exceeding $100 million. Elliptic attributed this security breach to Lazarus after identifying various compelling indicators pointing to the group’s involvement. The FBI later verified this attribution.
- On July 22, 2023, Lazarus successfully carried out a social engineering attack to gain access to the hot wallets of CoinsPaid, a crypto payment platform. This illicit access enabled the attackers to generate authorized withdrawal requests, resulting in the removal of approximately $37.3 million worth of crypto assets from the platform’s hot wallets. CoinsPaid publicly identified Lazarus as the perpetrator of this attack on July 26, 2023, a claim later corroborated by the FBI.
- Simultaneously on July 22, Lazarus executed another high-profile breach, this time targeting the centralized crypto payment provider Alphapo. They managed to steal $60 million in crypto assets, potentially by exploiting previously compromised private keys. Once again, the FBI attributed this attack to Lazarus.
- On September 4, 2023, the online cryptocurrency casino Stake.com fell victim to an attack resulting in the theft of around $41 million in virtual currency, likely due to a stolen private key. The FBI issued a press release on September 6, 2023, confirming that the Lazarus group was responsible for this incident.
- Lastly, on September 12, 2023, the centralized crypto exchange CoinEx experienced a security breach leading to a $54 million theft. As previously outlined, several compelling factors suggest Lazarus’s involvement in this attack.