
Top 3 Crypto Hacks that Made Millions

15d ago

Cryptocurrency, touted as the future of finance, has also become a playground for hackers and cybercriminals seeking to exploit vulnerabilities in the system. Despite blockchain technology's promise of security, numerous high-profile hacks have exposed the inherent risks associated with digital assets. From sophisticated phishing attacks to elaborate laundering schemes, malicious actors continue to capitalize on the nascent nature of the crypto market to siphon off millions of dollars. 

What is Lazarus Group?

The Lazarus Group is a threat group tied to the North Korean government and believed to have been active since at least 2009; the names Bluenoroff and APT38 are used for its financially focused subgroup, the unit behind the bank and cryptocurrency heists described below. Infamous for financially motivated cyber operations, the group has drawn global attention for cyber espionage, data theft and, most notably, large-scale cryptocurrency thefts. Using custom-built malware and carefully staged social engineering, it has targeted a range of industries, with a particular focus on financial institutions and cryptocurrency exchanges. Its operations have caused significant financial losses, making it one of the most prominent and formidable cyber threat actors in the world.

How much did Lazarus Group Steal by Hacking?

The Lazarus Group's hacking activity has led to staggering financial losses and widespread disruption across numerous companies and industries. According to estimates by the analytics firms TRM Labs and Chainalysis, the group has been linked to the theft of between $3 billion and $4.1 billion in cryptocurrency since 2017. That sum underscores the scale of its operations and its impact on victims worldwide. The group's targets extend beyond individual companies: its attacks have affected entire sectors, including financial institutions, cryptocurrency exchanges and other organizations. Between 2020 and 2023 alone, more than 25 crypto hacks were attributed to the group.

Top 3 Crypto Hacks

April 2021 — EasyFi founder (Ankitt Gaur) hack: +$81 Million

Incident summary: On April 19, 2021 the EasyFi team observed large unauthorized transfers of EASY tokens from team wallets controlled by founder Ankitt Gaur. His machine had been compromised with a malicious build of MetaMask, which handed the attacker the private keys; the resulting theft totalled about $81M.

On-chain aspects: $6M of USDC/DAI/USDT liquidity was removed from protocol pools and 2.98M EASY was transferred to 0x4371.

April 2021 — Laundering: Between April 20 and 21, 2021 funds from the theft address were bridged out of Ethereum and a total of 209.64 BTC was deposited to ChipMixer.

November 2021 — bZx Hack: +$55 Million

On November 3, 2021 the lending protocol bZx had $55M drained from its BSC and Polygon deployments. A bZx developer had fallen victim to a phishing attack and run a script on his personal computer, which gave the attacker access to his private keys.

On-chain aspects: A preliminary post-mortem published by the bZx team shared wallet addresses involved with the hack.

bZx hack laundering, Tornado Cash deposits: 8,600 ETH from the theft was deposited to Tornado Cash between November 15 and 18, 2021 by 0x20d9.

October 2021 — MGNR and PolyPlay Hack: +$24 Million

On October 8, 2021 the trading firm mgnr.io had $24M worth of assets drained from their wallets as the result of a private key compromise.

MGNR hack on-chain aspects: A blog post by the user CryptoCat in January 2022 revealed addresses from the theft by detailing mgnr.io wallets which sold Maple Finance tokens on October 8, 2021.

MGNR hack October 2021 laundering: All assets taken from the compromised mgnr.io wallets on EVM chains were bridged and swapped before being consolidated into 0x577, from which the attacker deposited 4,900 ETH to Tornado Cash, beginning on October 8, 2021 at 4:37 am UTC and concluding on October 12, 2021 at 6:16 am UTC. Another address connected to the attacker deposited 210 ETH to Tornado Cash during the same period.

Transfer of laundered funds to P2P exchanges: Through a series of transactions, the funds sitting in 0xdef, 0x964 and 0xefdd were moved through intermediary addresses and consolidated with funds from other Lazarus Group hacks, such as EasyFi, Bondly and the Nexus Mutual founder hack, before USDT was deposited to the P2P marketplace Paxful beginning in July 2022. In April 2023 the group began using Noones, another P2P marketplace, and continued sending USDT in small batches until November 2023.
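The laundering pattern described in the MGNR and P2P paragraphs (bridge and swap, consolidate several thefts into one address, push fixed-denomination deposits into a mixer, later trickle stablecoins into P2P exchange deposit addresses) is exactly what an on-chain investigator looks for when following the funds. The script below is an added example, not part of the article or of zachxbt's investigation, and every address, amount and label in it is a constructed placeholder rather than a real incident address. It walks a transfer graph from two theft origins, finds the address where their funds first meet, counts mixer deposits against the pool's fixed denomination, and totals what reached a P2P deposit address.

```python
"""Follow-the-funds tracing over a constructed transfer graph.

Added example; not code from the original article or from zachxbt.
All addresses ("theft_a", "consol", "mixer_100eth", ...) are constructed
placeholders, not the real addresses from the EasyFi, bZx or MGNR incidents.
"""
from collections import defaultdict, deque
from typing import Dict, List, Set, Tuple

# One transfer = (from, to, asset, amount). Constructed sample mirroring the
# article's pattern: two thefts, intermediaries, one consolidation address,
# 49 fixed-size mixer deposits (49 x 100 ETH = 4,900 ETH) and P2P cash-outs.
TRANSFERS: List[Tuple[str, str, str, float]] = [
    ("theft_a", "hop_a1", "ETH", 3000.0),
    ("hop_a1", "consol", "ETH", 3000.0),
    ("theft_b", "hop_b1", "ETH", 2100.0),
    ("hop_b1", "consol", "ETH", 2100.0),
    *[("consol", "mixer_100eth", "ETH", 100.0) for _ in range(49)],
    ("consol", "cashout_1", "USDT", 200000.0),
    ("cashout_1", "p2p_exchange", "USDT", 50000.0),
    ("cashout_1", "p2p_exchange", "USDT", 50000.0),
    ("unrelated", "p2p_exchange", "USDT", 1000.0),  # clean funds, must be ignored
]

# Labelled endpoints. In a real case these come from curated lists of mixer
# pool contracts and exchange deposit addresses; here they are constructed.
MIXER_POOLS: Dict[str, float] = {"mixer_100eth": 100.0}  # pool -> denomination
P2P_DEPOSIT: Set[str] = {"p2p_exchange"}
TERMINALS: Set[str] = set(MIXER_POOLS) | P2P_DEPOSIT


def trace(origins: Set[str], transfers) -> Dict[str, Set[str]]:
    """Breadth-first walk of outgoing transfers from each theft origin.
    Returns address -> set of origins whose funds reached it. Terminal
    addresses (mixer pools, exchange deposits) are recorded but not expanded,
    because the on-chain link is lost once funds enter them."""
    out_edges: Dict[str, List[str]] = defaultdict(list)
    for src, dst, _asset, _amt in transfers:
        out_edges[src].append(dst)
    reached: Dict[str, Set[str]] = defaultdict(set)
    for origin in origins:
        seen = {origin}
        queue = deque([origin])
        while queue:
            addr = queue.popleft()
            reached[addr].add(origin)
            if addr in TERMINALS:
                continue
            for nxt in out_edges[addr]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return dict(reached)


def consolidation_points(reached: Dict[str, Set[str]], transfers) -> Set[str]:
    """Addresses where funds from distinct thefts first meet: the union of the
    origins carried by its direct senders is larger than any single sender's.
    Addresses merely downstream of such a point do not qualify."""
    senders: Dict[str, Set[str]] = defaultdict(set)
    for src, dst, _asset, _amt in transfers:
        if src in reached:
            senders[dst].add(src)
    points = set()
    for dst, srcs in senders.items():
        union = set().union(*(reached[s] for s in srcs))
        if all(len(union) > len(reached[s]) for s in srcs):
            points.add(dst)
    return points


def mixer_deposits(reached: Dict[str, Set[str]], transfers):
    """Count deposits from tainted addresses into mixer pools.
    Returns ((depositor, pool) -> (count, total), anomalies), where anomalies
    are deposits whose amount does not match the pool's fixed denomination."""
    stats: Dict[Tuple[str, str], List[float]] = defaultdict(lambda: [0, 0.0])
    anomalies = []
    for src, dst, _asset, amt in transfers:
        if dst in MIXER_POOLS and src in reached:
            if amt != MIXER_POOLS[dst]:
                anomalies.append((src, dst, amt))
                continue
            stats[(src, dst)][0] += 1
            stats[(src, dst)][1] += amt
    return {k: (int(v[0]), v[1]) for k, v in stats.items()}, anomalies


def p2p_cashout(reached: Dict[str, Set[str]], transfers, asset: str = "USDT") -> float:
    """Total of a given asset sent from tainted addresses to P2P deposit addresses."""
    return sum(amt for src, dst, a, amt in transfers
               if dst in P2P_DEPOSIT and src in reached and a == asset)


if __name__ == "__main__":
    tainted = trace({"theft_a", "theft_b"}, TRANSFERS)
    print("consolidation:", consolidation_points(tainted, TRANSFERS))
    print("mixer deposits:", mixer_deposits(tainted, TRANSFERS))
    print("P2P cash-out (USDT):", p2p_cashout(tainted, TRANSFERS))
```

Two design choices matter here. Tracing stops at terminals because a mixer pool or exchange hot wallet pools many users' funds, so expanding past it would taint unrelated addresses; the real continuation (here, the later Paxful and Noones deposits) has to be linked by timing and amount analysis, not by graph reachability. And the denomination check exists because mixer pools only accept fixed sizes, so a run of identical deposits from one address is itself a strong signal, while a mismatched amount usually means the "pool" label is wrong.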

Credits to zachxbt for his investigation.
