The U.S. government has filed two legal complaints seeking to seize over $2.67 million in cryptocurrency stolen by North Korea’s infamous Lazarus Group.
According to court documents filed on Oct. 4 at the U.S. District Court for the District of Columbia, the authorities are attempting to reclaim approximately $1.7 million in Tether (USDT) stolen from Deribit, a Panamanian crypto exchange on Nov. 2022. The exchange was drained of over $2.8 million from its hot wallet.
The second case is seeking to recover $972,000 in Avalanche-bridged Bitcoin (BTC.b) stolen from Stake.com gambling platform in September 2023, leaving it with over $42 million in losses.
In both cases, the funds were passed through Tornado Cash, a crypto mixer most hackers used to siphon stolen funds, making it untraceable.
So far, authorities have been able to freeze five crypto wallets linked to the stolen Tether from the Deribit hack, recovering about $1.7 million. However, finding the rest of the stolen funds has been difficult because of the complex methods for hiding their tracks.
In September 2024, the FBI issued a warning citing some of Lazarus Group’s clever tricks. One method they use is sending fake job offers to target people working in tech or crypto industries. The job offer seems real with the application document to download.
However, the documents are actually malware. Once the victim downloads and opens the file, the malware installs itself on their device, giving the hackers access to their personal details
These attacks seem to be a strategy to fund the North Korean regime. According to a U.N. report from March 2024, the majority of the funds are used to fund the country’s weapons programs.
In August 2024, on-chain investigator ZackXBT discovered that North Korean developers had infiltrated at least 25 crypto projects, using fake identities to access and steal funds.
Also Read: Russian Hackers Are Using Fake AI Sites to Steal Crypto