North Korea’s Lazarus Group Moves 400 ETH to Tornado Cash Following $1.5B Bybit Hack


The Lazarus Group, a North Korean state-sponsored hacking collective, transferred 400 ETH to privacy tool Tornado Cash on March 12, 2025, according to blockchain security firm Certik. The funds are believed to originate from the Feb. 21, 2025, breach of cryptocurrency exchange Bybit, which lost over $1.4 billion in digital assets — the largest crypto heist in history.

Analysts at Elliptic and Chainalysis attributed the attack to Lazarus, citing its history of targeting exchanges for financial gain. Onchain detective ZachXBT led the charge in identifying North Korean hackers as the prime suspects. Bybit’s Dubai-based platform was compromised through social engineering tactics that targeted Safe Wallet systems, allowing hackers to drain a multi-signature cold wallet.

Post-theft, Lazarus converted stolen tokens to Ethereum via decentralized exchange (DEX) platforms before funneling funds to mixers. Tornado Cash, a decentralized Ethereum-based mixer sanctioned by the U.S. Treasury in 2022, obscures transaction trails using zero-knowledge proofs, complicating law enforcement efforts.

Certik detected the 400 ETH transfer, tracing it to Bitcoin network addresses linked to Lazarus. While cross-chain activity complicates direct attribution, researchers noted the timing aligns with the group’s laundering patterns. On Friday, onchain investigator ZachXBT stated: “A high-confidence Tornado Cash demix for the theft reveals DPRK purchased 437.6B PEPE ($3.1M) on March 11, 2025, after withdrawing ETH from Tornado Cash.”

The transfer shows Lazarus’s evolving tactics, including cross-network laundering and malware campaigns targeting developers via fake Zoom calls. U.S. authorities estimate Tornado Cash has processed over $7 billion in illicit funds since 2019, including around $455 million tied to Lazarus. A November 2024 federal court ruling partially lifted sanctions against the mixer, but its legal status remains under debate.

Security firms warn that North Korea uses stolen crypto to fund its weapons programs. The Bybit hack alone surpasses the $610 million Poly Network theft in 2021, highlighting systemic vulnerabilities in industry security. At press time, Arkham Intelligence data shows that the hacking collective holds around $1.18 billion in digital assets with most of its portfolio in BTC.
