The notorious North Korean hacking collective, Lazarus, has reportedly pilfered close to $240 million in cryptocurrencies over a span of just 104 days.
Elliptic, a blockchain analytics firm, released a report identifying Lazarus as the culprit behind a string of significant cryptocurrency breaches in recent months, suggesting a surge in the group's illicit activity.
The latest in their series of heists was an assault on the international crypto exchange, CoinEx, leading to an estimated depletion of $54 million from its reserves.
Elliptic’s in-depth probe unveiled a connection between the stolen CoinEx funds and an address historically linked to Lazarus. This address had been previously used by the group to launder money extracted from the crypto casino endorsed by Drake, Stake.com, though the funds moved through a distinct blockchain.
In a related disclosure, the FBI has attributed a $41 million theft from Stake to the Lazarus group.
The conclusions drawn by Elliptic mirror the insights of on-chain detective ZachXBT. In a Twitter observation, ZachXBT pointed out that the individual behind the CoinEx breach inadvertently established a connection between their address and the prior Stake intrusion.
Following the theft, the perpetrator moved the illicit gains to Ethereum via a bridge that Lazarus has been known to use in the past. The funds were then relocated to a wallet directly under the attacker's control.
A substantial chunk of the misappropriated assets had their roots in the Tron and Polygon blockchains.
Delving deeper, Elliptic discerned that the Lazarus operatives had intertwined the stolen funds with addresses previously implicated in the Stake heist. Moreover, they utilized an address that had been part of the massive $100 million Atomic wallet breach earlier in June.
Piecing together the blockchain footprints, and given the lack of indicators pointing to any other malicious entities, Elliptic has confidently identified the Lazarus Group as the probable architect behind the CoinEx robbery.
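The attribution described above rests on address linkage: funds from a new incident are traced forward, across bridges and chains, until they touch an address already tied to an earlier attributed incident. The following Python script is an added illustration of that technique and is not Elliptic's or ZachXBT's tooling; the transaction flows, address names and incident labels are all constructed for the example, and the graph is a simplified model (one edge per transfer, no amounts).

```python
"""Address-linkage attribution over a constructed transaction graph.

Walk forward from the address that first received stolen funds and report
the first hop at which the flow reaches an address already labelled from a
previous incident. Every address, flow and label below is constructed for
illustration; none of them are real on-chain identifiers.
"""
from collections import deque

# Constructed fund flows: (source address, destination address, asset, chain)
FLOWS = [
    ("hack_src_tron", "hop1_tron", "USDT", "tron"),
    ("hop1_tron", "bridge_in", "USDT", "tron"),
    ("bridge_in", "bridge_out_eth", "ETH", "ethereum"),     # cross-chain bridge hop
    ("bridge_out_eth", "consolidation_eth", "ETH", "ethereum"),
    ("consolidation_eth", "known_launder_addr", "ETH", "ethereum"),
    ("unrelated_a", "unrelated_b", "ETH", "ethereum"),      # noise, never reaches a label
]

# Constructed labels: addresses seen in earlier, already-attributed incidents.
KNOWN_LABELS = {
    "known_launder_addr": "incident_A_laundering",
    "other_known": "incident_B",
}


def build_graph(flows):
    """Adjacency list keyed by sender; each entry is (receiver, asset, chain)."""
    graph = {}
    for src, dst, asset, chain in flows:
        graph.setdefault(src, []).append((dst, asset, chain))
    return graph


def trace_to_known(start, flows, labels, max_hops=10):
    """Breadth-first search forward from `start`.

    Returns (hops, path, label) for the first previously-labelled address
    reached within `max_hops`, or None if the flow never touches one.
    """
    graph = build_graph(flows)
    queue = deque([(start, [start])])
    seen = {start}
    while queue:
        addr, path = queue.popleft()
        if addr in labels and addr != start:
            return len(path) - 1, path, labels[addr]
        if len(path) - 1 >= max_hops:
            continue
        for dst, _asset, _chain in graph.get(addr, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [dst]))
    return None


def chains_crossed(path, flows):
    """Set of chains traversed along `path`; more than one means a bridge was used."""
    edge_chain = {(s, d): chain for s, d, _asset, chain in flows}
    return {edge_chain[(a, b)] for a, b in zip(path, path[1:])}


if __name__ == "__main__":
    result = trace_to_known("hack_src_tron", FLOWS, KNOWN_LABELS)
    if result:
        hops, path, label = result
        print(f"linked to {label} after {hops} hops via {' -> '.join(path)}")
        print(f"chains crossed: {sorted(chains_crossed(path, FLOWS))}")
    else:
        print("no link to a previously attributed address")
```

The hop count and the set of chains crossed are the two pieces of evidence an analyst would weigh: a short path that crosses a bridge the same actor used before is stronger than a long path ending at a heavily shared address such as an exchange deposit wallet, which many unrelated users touch. A shared address is a lead rather than proof, which is why the report pairs the linkage with the absence of indicators pointing to any other actor.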
Lazarus Responsible For More Hacks
Lazarus has been linked to an increasing number of cyber breaches, with recent probes tying them to the intrusion of the crypto payments service, CoinsPaid, in late June and the crypto payment gateway, Alphapo, in July.
Elliptic’s analysis noted a strategic pivot by Lazarus, gravitating towards centralized systems as opposed to decentralized platforms. This shift is speculated to be driven by the ease of executing social engineering tactics against centralized entities.
Following the cyber assault, CoinEx made a public appeal to the culprits through an open letter. The exchange implored the hackers to initiate a dialogue, either via email or blockchain communication. The purpose of this outreach was to negotiate a potential bug bounty and to discuss the possibility of returning the misappropriated assets.
Web3 platforms have witnessed significant losses in 2023, with over $1.2 billion being drained due to hacks and rug pulls, as outlined in a study conducted by Web3 bug bounty service, Immunefi.
The study cataloged a total of 211 distinct events that collectively resulted in such a monumental financial setback. The month of August was particularly devastating, registering a whopping $23.4 million in financial losses.
The sharp spike in losses for August can largely be attributed to projects built on the newly launched Ethereum Layer 2 network, Base.
Ethereum, according to the report’s findings, was the most targeted platform. It encountered a series of breaches, with five separate attacks focusing on protocols established atop its network.