North Korea’s Lazarus Group continues its crypto laundering operations, moving illicit funds while deploying new malware to target developers and steal digital assets. On Mar. 13, blockchain security firm CertiK detected a deposit of 400 Ethereum ( ETH ), worth around $750,000, to Tornado Cash. The transaction was traced back to Lazarus’s activity on the Bitcoin ( BTC ) network. The group has been linked to multiple high-profile hacks, including the $1.4 billion Bybit exploit in February. https://twitter.com/certikalert/status/1900010122044412187?s=46&t=nznXkss3debX8JIhNzHmzw Following the hack, the group concealed the stolen funds using a variety of techniques. To exchange and transfer large amounts of cryptocurrency, they used decentralized exchanges like THORChain ( RUNE ), which do not require identity checks. Reports show that in just five days, around $2.91 billion was moved through ThorChain, making it much harder to track and recover the money. You might also like: Crypto losses reached $1.53B in february, led by Bybit, Infini and zkLend exploits: Certik In another wave of cyber attacks, Lazarus Group has also launched six new malicious software packages on the Node Package Manager platform, a tool used by developers to manage and install JavaScript packages for their projects. On Mar. 11, security firm Socket published a report on the malware, which is designed to steal credentials and crypto wallet data. The malware, including a package called BeaverTail, disguises itself as legitimate JavaScript libraries using typosquatting, where attackers slightly alter the names of trusted software to trick developers into downloading it. It primarily targets stored credentials in Chrome, Brave, and Firefox browsers, as well as Solana and Exodus wallets. Additionally, the group has been trying to trick crypto founders by using fake Zoom calls. Hackers pose as venture capitalists and send fake meeting links, claiming audio issues. When victims download a supposed fix, malware is installed. Security researchers have reported that several crypto founders have encountered these scams. According to Chainalysis, North Korean hackers stole over $1.3 billion in crypto across 47 attacks in 2024, more than double the amount stolen in 2023. Read more: Сrypto security breaches down nearly 40%, but hot wallet exploits persist
