Article Details

Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group. A couple million will do for a start … but Kim's crews are suspected of stealing much more. The US government is attempting to claw back more than $2.67 million stolen by North Korea's Lazarus Group, filing two lawsuits to force the forfeiture of millions in Tether and Bitcoin. The first lawsuit stems from the 2022 Deribit hack, during which the North Korean criminals drained about $28 million from the crypto exchange's hot wallet. The crooks then laundered the funds through virtual currency exchanges, the Tornado Cash mixer and virtual currency bridges in an attempt to cover their tracks. "Although mixing services are used to obfuscate the trail of funds, law enforcement can sometimes trace the funds in and out – as they did here," according to the court documents [PDF]. The feds ultimately recovered about $1.7 million worth of Tether in five frozen wallets. About a year after the Lazarus Group allegedly Deribit, they supposedly stole another $41 million from Stake.com – an online casino and gambling site. That heist is the subject of the second lawsuit. After breaking into Stake.com's computer systems and stealing roughly tens of millions in virtual currency, "the North Koreans and their money laundering co-conspirators transferred the stolen funds through virtual currency bridges, several BTC addresses, and virtual currency mixers before consolidating funds and depositing the virtual currency at different virtual currency exchanges," the forfeiture action notes [PDF] explain. In this case, the Lazarus Group moved the stolen BTC through Bitcoin mixers Sinbad and Yonmix. Sinbad has since been sanctioned by the US government for laundering millions for the North Korean heists. While law enforcement was able to freeze assets from seven transactions, "the North Koreans were able to transfer the majority of the stolen funds to the BTC blockchain," according to the court documents. The FBI was able to recover an additional .099 BTC, or about $6,270, from an eighth transaction. Then, on February 9 the Department of Justice served a federal seizure warrant for those funds, which were transferred to the government. These, according to the lawsuits, are just a couple of the digital intrusions that the feds have linked to Kim Jong Un's crew. As explained in the court documents: The FBI is investigating several recent virtual currency heists perpetrated by North Korean military hacking groups, known within the cyber security community as both the Lazarus Group and APT38. Since at least late 2014, North Korean cyber actors have engaged in cyber attacks, intrusions, and attempted intrusions into computers and networks of, among others, US and foreign entertainment companies, US and foreign banks, US cleared defense contractors and energy companies, virtual currency exchanges, information security researchers, and pharmaceutical companies. This same group of notorious crypto crooks is believed to be responsible for the $234.9 million WazirX exchange hack.