Source: Cointelegraph
The North Korean hacker group Lazarus Group has transferred cryptocurrency assets through mixing services following a series of high-profile hacking attacks.
On March 13, blockchain security company CertiK alerted its followers on X that it had detected a deposit of 400 Ether (ETH), worth approximately $750,000, into the Tornado Cash mixing service.
The company noted, "The source of these funds can be traced back to the Lazarus Group's activities on the Bitcoin network."
The North Korean hacker organization is accused of carrying out the massive attack on the Bybit exchange on February 21, in which $1.4 billion worth of cryptocurrency assets were stolen.
It is also linked to the $29 million hack of the Phemex exchange in January, and has since begun laundering those assets.
Lazarus Group's cryptocurrency asset movements. Source: CertiK
Lazarus Group is also associated with some of the most notorious cryptocurrency hacking incidents, including the $600 million Ronin Network hack that occurred in 2022.
According to Chainalysis data, in 2024, North Korean hackers stole over $1.3 billion in cryptocurrency assets across 47 incidents, more than double the amount stolen in 2023.
According to a report from researchers at cybersecurity company Socket, Lazarus Group has deployed six new malware packages aimed at infiltrating development environments, stealing credentials, extracting cryptocurrency data, and installing backdoors.
The attack targets the npm (Node Package Manager) ecosystem, the registry holding a vast collection of JavaScript packages and libraries.
Researchers found the "BeaverTail" malware embedded in packages disguised as legitimate libraries, relying on typosquatting and similar tricks to mislead developers into installing them.
"In these packages, the Lazarus Group used names very similar to legitimate and widely trusted libraries," they added.
The malware specifically targets cryptocurrency wallets, particularly Solana and Exodus wallets.
Code snippet demonstrating the Solana wallet attack. Source: Socket
The malware harvests data stored by the Google Chrome, Brave, and Firefox browsers, as well as keychain data on macOS, with developers who unknowingly install the malicious packages as its primary victims.
Researchers noted that while it is currently difficult to definitively attribute this attack to the Lazarus Group, "the tactics, techniques, and procedures observed in this npm attack are highly consistent with the known operations of the Lazarus Group."
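Because the lure described above is a package name that mimics a trusted library, a defender-side check for such lookalikes in a project's dependency list is useful. The following is an added example written for this page, not code from the article or from Socket's report; the allow-list, the `MAX_DISTANCE` threshold and the sample dependency block are constructed assumptions.

```javascript
// Added example, not code from the article or from Socket's report. Flags
// dependency names that look like typosquats of trusted npm packages.

// Constructed allow-list of packages a team actually intends to use.
const TRUSTED = ["lodash", "express", "axios", "react", "@solana/web3.js"];
// Names within this many edits of a trusted name are reported (assumed threshold).
const MAX_DISTANCE = 2;

// Plain Levenshtein edit distance (insert / delete / substitute).
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// Returns one {name, lookalikeOf, reason} entry per dependency that is not on
// the allow-list but either sits within MAX_DISTANCE edits of a trusted name
// or embeds a trusted name with a short prefix/suffix ("axios-utils").
// Hits are leads for human review, not proof: "react-dom" would also be flagged.
function findLookalikes(dependencies, trusted = TRUSTED) {
  const trustedSet = new Set(trusted);
  const hits = [];
  for (const name of Object.keys(dependencies)) {
    if (trustedSet.has(name)) continue;
    for (const t of trusted) {
      const dist = editDistance(name, t);
      const bare = t.replace(/^@[^/]+\//, ""); // "@solana/web3.js" -> "web3.js"
      if (dist <= MAX_DISTANCE) {
        hits.push({ name, lookalikeOf: t, reason: `edit distance ${dist}` });
        break;
      }
      if (name.includes(bare) && name.length - bare.length <= 6) {
        hits.push({ name, lookalikeOf: t, reason: "embeds trusted name" });
        break;
      }
    }
  }
  return hits;
}

// Constructed package.json "dependencies" block with two planted lookalikes.
const SAMPLE_DEPS = { lodash: "^4.17.21", expres: "^1.0.0", "@solana/web3js": "^1.0.0", react: "^18.0.0" };
console.log(findLookalikes(SAMPLE_DEPS));
```

In practice the allow-list would be generated from a project's reviewed lockfile and the check run in CI before `npm install` on fresh dependency changes.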