Lazarus Group’s Latest Crypto Hack Involves 400 ETH Laundering and Malware Attack

The Lazarus Group, well known for its connections to North Korea’s cybercrime activities, continues to be a serious threat to the cryptocurrency industry. Recently, cybersecurity company CertiK revealed that the Lazarus Group had laundered 400 ETH, valued at over $750,000, through Tornado Cash, a decentralized mixing service.
This latest move is part of their ongoing strategy to launder illicit cryptocurrency from major hacks, highlighting the growing risk of cybercriminals using decentralized finance (DeFi) platforms to hide the origins of stolen assets.
Crypto Laundering Tactics in Action
This recent deposit into Tornado Cash follows a pattern of laundering stolen funds from past cyber attacks. Lazarus is recognised for its advanced techniques that help to cover the movement of stolen crypto assets.
Tornado Cash, which is built to provide transaction privacy by mixing tokens, is one of the group’s preferred tools for money laundering. The group’s illicit activities include major cyber heists such as the infamous 2022 Ronin Network hack and a recent attack on Bybit. In 2024 alone, Lazarus was responsible for stealing over $1.3 billion, highlighting their continued dominance in cybercrime within the crypto sector.
By using services like Tornado Cash, Lazarus can prevent law enforcement and other authorities from tracking down the flow of stolen assets. The use of platforms like Tornado Cash to obscure cryptocurrency transactions complicates investigations, allowing Lazarus to conceal the true origins of stolen funds behind multiple layers of anonymity.
New Malware Threats Targeting Developers
While crypto laundering remains a central element of Lazarus’ activities, the group is also increasing its focus on cybersecurity threats targeting developers and software ecosystems. Experts from Socket, a cybersecurity firm, revealed that Lazarus has introduced six new variants of malware aimed at developers. Among these is a tool called “BeaverTail,” which is designed to infiltrate software development environments, capture valuable credentials, and extract sensitive cryptocurrency-related data.
This malware is a part of Lazarus’ broader strategy to infiltrate and compromise developer tools. It specifically targets popular open-source platforms, such as Node Package Manager (NPM), to infect unsuspecting developers’ machines. These platforms are widely used for sharing JavaScript libraries, which makes them a prime target for malicious actors seeking to infiltrate the software supply chain. Through strategic typosquatting (mimicking legitimate packages with slight alterations to the names), Lazarus successfully deceives developers into downloading the malware.
Impact on the Crypto Ecosystem and Broader Cybersecurity Threat
The increasing sophistication of Lazarus’ malware campaign underscores the vulnerabilities in the crypto ecosystem, particularly for those involved in development. The focus on targeting NPM libraries that interact with crypto wallets, such as Solana and Exodus, demonstrates the evolving nature of the threat. As crypto developers continue to expand and innovate, they face mounting pressure to secure their development environments against attacks.
With more tools and malware variants targeting browser data, cryptocurrency wallets, and online credentials, Lazarus is proving itself as a persistent and adaptable threat to the crypto space. Even though these attacks have yet to be officially linked to Lazarus in some cases, the tools and methods employed are highly reminiscent of their previous campaigns.
The post Lazarus Group’s Latest Crypto Hack Involves 400 ETH Laundering and Malware Attack appeared first on Coinfomania.