Elliptic Blockchain Surveillance Firm: North Korean Lazarus Group Theft Spree Reaches $240 Million in 104 Days

Nefarious North Korean hacking group Lazarus has stolen nearly $240 million in cryptocurrencies in the past 104 days alone.

In a report published by blockchain surveillance firm Elliptic, Lazarus has been identified as the perpetrator behind a series of major cryptocurrency hacks in recent months, with their activity intensifying.

The most recent attack attributed to Lazarus targeted the global cryptocurrency exchange CoinEx, resulting in an estimated loss of $54 million. 

Elliptic’s analysis revealed that funds stolen from CoinEx were sent to an address previously utilized by the Lazarus group for laundering funds pilfered from the Drake-backed crypto casino Stake.com, albeit on a different blockchain. 

As reported, the FBI has identified Lazarus as responsible for the theft of $41 million from Stake.

Elliptic’s findings align with those of on-chain investigator ZachXBT, who noted on Twitter that the CoinEx hacker had inadvertently linked their address to the Stake hack. 

It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon.

0x75497999432b8701330fb68058bd21918c02ac59 pic.twitter.com/9qZPdc3yhT

— ZachXBT (@zachxbt) September 13, 2023

The hacker subsequently transferred the stolen funds to Ethereum using a bridge previously employed by Lazarus, before moving them to a wallet address under the hacker’s control. 

A significant portion of the pilfered funds originated from the Tron and Polygon blockchains.

Furthermore, Elliptic discovered that Lazarus hackers had mixed the funds with addresses associated with the Stake hack and employed an address involved in the $100 million Atomic wallet hack in June. 

Based on the blockchain activity and the absence of evidence pointing to any other threat group, Elliptic concluded that Lazarus Group is the likely culprit behind the CoinEx theft.

Lazarus Responsible For More Hacks

Recent investigations have connected Lazarus to additional hacks, including the crypto payments platform CoinsPaid in late June and the crypto payment provider Alphapo in July. 

Elliptic observed a shift in Lazarus’ focus towards centralized platforms rather than decentralized ones, possibly due to the feasibility of conducting social engineering attacks against such targets.

In response to the attack, CoinEx released an open letter to the hackers, urging them to contact the company via email or through the blockchain to discuss a bug bounty and the return of the stolen funds. 

So far this year, Web3 platforms have lost over $1.2 billion in hacks and rug pulls, according to a report from Web3 bug bounty platform Immunefi.

The report revealed a total of 211 separate incidents contributing to this massive sum, with the month of August alone accounting for $23.4 million in losses.

The surge in losses during August mostly contributed to projects hosted on the newly launched Ethereum Layer 2 Base network. 

As per the report, Ethereum faced the most significant number of attacks, with five distinct incidents affecting protocols built on the network.