Lazarus Group Launders Crypto via Mixers, Deploys New Malware Targeting Developers


By: DeFi Planet, 2025/03/14 11:06

North Korean-affiliated hacking group Lazarus has continued its illicit activities, moving stolen crypto through mixers and launching new malware attacks on developers.


On March 13, blockchain security firm CertiK flagged a 400 ETH deposit valued at approximately $750,000 into the Tornado Cash mixing service. According to CertiK, the funds originated from Lazarus’ activities on the Bitcoin network.

“The fund traces to the Lazarus group’s activity on the Bitcoin network,” CertiK noted.

Lazarus has been linked to several major crypto exchange breaches, including the Bybit hack on February 21, where $1.4 billion was stolen. The group was also behind the $29 million Phemex exploit in January and has been laundering stolen assets ever since. Notably, Lazarus was responsible for some of the largest crypto hacks in history, including the $600 million Ronin bridge attack in 2022.

Data from Chainalysis reveals that in 2023, North Korea-affiliated hackers stole approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents — a 102.88% increase in value stolen. These figures represented 61% of the total amount stolen for the year and 20% of total incidents.

Separately, cybersecurity researchers at Socket uncovered six new malicious packages deployed by Lazarus to compromise developer environments. These packages, published in the Node Package Manager (NPM) ecosystem, are designed to steal credentials, extract cryptocurrency-related data, and install backdoors.

Notably, researchers identified a malware strain called “BeaverTail,” which relies on typosquatting: mimicking legitimate JavaScript libraries with slightly altered names to deceive developers into installing them. The malware is hazardous because it targets cryptocurrency wallets, including Solana and Exodus, and harvests sensitive data from browsers such as Google Chrome, Brave, and Firefox. On macOS, it goes further, attempting to access keychain data to compromise stored credentials. While definitive attribution remains challenging, researchers emphasized that the tactics, techniques, and procedures (TTPs) closely align with Lazarus’ known operations.
