IANS | 18 Sep, 2023
The notorious North Korean hacking group Lazarus has been held
responsible for stealing approximately $240 million worth of crypto
assets in the last 104 days, a new report has revealed.
According
to the blockchain surveillance firm Elliptic, the hacking group stole
crypto assets from Atomic Wallet ($100 million) CoinsPaid ($37.3
million), Alphapo ($60 million), and Stake.com ($41 million).
The
hacking group has been linked to five major crypto hacks over the past
three months. The latest, according to blockchain data, was the global
cryptocurrency exchange CoinEx, which was hacked last week for an
estimated amount of $53 million.
However, CoinEx informed
customers in a response update that it is still trying to calculate how
much money was stolen, but current findings revealed that around $70
million was stolen from the platform -- higher than the reported amount.
“Elliptic
analysis confirms that some of the funds stolen from CoinEx were sent
to an address which was used by the Lazarus group to launder funds
stolen from the Drake-backed crypto casio Stake.com, albeit on a
different blockchain,” the researchers said.
Moreover, the report
said that the findings corroborate those of on-chain sleuth ZachXBT, who
on X (formerly Twitter) said that the CoinEx hacker had “accidentally
connected their address” to the Stake hack.
The hacker first
transferred the stolen funds to Ethereum via a bridge that was used by
Lazarus in the past. Then, the hacker moved the funds to a wallet
address that is known to be under their control. The majority of the
funds were taken from the Tron and Polygon blockchains.
According
to the report, Lazarus hackers also used addresses seen in the Stake
hack as well as an address seen in the $100 million Atomic wallet hack.
“In
light of this blockchain activity, and in the absence of information
suggesting the CoinEx hack was conducted by any other threat group,
Elliptic agrees that Lazarus Group should be suspected for the theft of
funds from CoinEx,” the researchers stated.
Other hacks in which
Lazarus has been recently implicated include the crypto payments
platform CoinsPaid in late June, and the crypto payment provider Alphapo
in July.
Lazarus has been recently implicated in several other
hacks involving crypto payment platforms, including CoinsPaid in June
and Alphapo in July.