Lazarus, a group of North Korean hackers known for carrying out numerous large-scale cryptocurrency heists over the years, has switched to laundering stolen proceeds using the YoMix bitcoin mixer.
Following government sanctions on numerous bitcoin mixing services the threat actor used, Lazarus has modified its laundering procedure, according to a report from blockchain analysis company Chainalysis.
According to the company, YoMix has experienced a significant financial influx throughout 2023, which is due more to Lazarus activity than to an increase in popularity.
Lazarus laundering ops
Crypto-theft is just one aspect of Lazarus's operations, though it plays a significant role in them. It is thought that this funding also goes toward the development of weapons for North Korea.
The March 2022 Ronin Network (Axie Infinity) hack, which brought in $625 million, the Harmony Horizon hack in June 20, which caused $100 million in losses, and the July 2023 Alphapo heist, from which the hackers stole $60 million worth of cryptocurrency, are just a few of the biggest cryptocurrency theft operations Lazarus has carried out in recent years.
According to a report from Recorded Future, North Korean hacking groups Lazarus, Kimsuky, and Andariel stole an estimated $3 billion in cryptocurrency between January 2017 and December 2023.
The money was processed by a number of coin-mixing services that disobey anti-money-laundering laws and accept deposits from wallets that have been flagged for suspicious activity.
After being bounced through a network of cryptocurrency holders, the assets are received by the mixers in new wallet addresses that cannot be linked to the initial attacks.
Blender, Tornado Cash, and Sinbad are just a few of the platforms Lazarus used to launder their money that the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has identified and sanctioned over the years.
Lazarus, however, switched to a new platform each time one was sanctioned and cut off from the cryptocurrency world. According to Chainalysis, the North Korean threat actor recently used YoMix.
Laundering trends in 2023
According to Chainalysis, YoMix experienced a significant increase in funds in the second quarter of 2023 that persisted through the year’s end and was primarily caused by money laundering.
The report states that, based on Chainalysis data, “roughly one-third of all YoMix inflows have come from wallets associated with crypto hacks.”
Chainalysis also points to a trend it noticed last year: money laundering activity is concentrated at specific fiat off-ramping services, with 71.7% of all illicit funds concentrated at just five services.
However, money laundering decreased at the deposit address level, indicating that criminals are diversifying their activities to avoid being discovered and having their assets frozen by law enforcement and compliance teams.
The report also includes the following highlights:
- In 2023, services received $22.2 billion from flagged crypto wallet addresses, down from $35.5 billion in 2022.
- In 2023, 109 exchange deposit addresses each received over $10 million worth of illicit cryptocurrency, collectively totaling $3.4 billion.
- $504.3 million was sent to mixers from flagged addresses last year, down 50% from $1 billion in 2022.
- Utilization of cross-chain bridges increased significantly in 2023, reaching $743.8 million in cryptocurrency as opposed to $321.2 million.
YoMix has been contacted by BleepingComputer with a request for comment on the service that North Korean hackers are using to launder money illegally, but we haven't heard back from them yet.