Recently, Chainalysis revealed how US authorities including the FBI have investigated the recent case of cryptos stolen by the Lazarus Group. The group is a North Korea-affiliated hacker group that is allegedly working for the country’s government.
The report was published soon after the US Department of Justice (DoJ) moved to forfeit 280 crypto accounts involved in illegal activities. The accounts were targeted for the laundering of almost $28.7 million worth of cryptos following two crypto-exchange hacks. According to the report, investigators were able to keep up with the Lazarus Group despite its efforts to hide its trail by liquidating the stolen funds through ‘chain hopping.’
The chain hopping strategy includes trading funds for other types of crypto to make it more challenging for law enforcement teams to track the funds between blockchains. Additionally, the Lazarus hackers tried to change funds into Bitcoin and cash out using other services. Apart from Bitcoin, the cryptos involved in the exchange hacks also included Algorand and Ethereum.
Notably, however, the chain hopping method is not foolproof by any means. It relies mostly on unregulated crypto exchanges that do not follow norms such as know your customer (KYC) checks.
How Lazarus Group Moves Funds
Lazarus Group moved huge chunks of the stolen funds to over-the-counter (OTC) brokers to be converted into cash, according to Chainalysis. Whenever traders do not want to use a formal exchange, transactions are made via OTC desks. In this case, the OTC broker that the hackers used was on Chainalysis’s list of “100 rogue” OTC brokers.
Chainalysis’s Reactor graph (shown in the original report) tracked the stolen cryptocurrencies.
The report went on to state that several exchanges helped mitigate the hackers’ efforts by pre-empting the chain hopping patterns. Interestingly, when the Lazarus Group moved their money, some of the crypto exchanges interrupted their transactions. They managed to do so after exchange monitoring tools identified incoming funds as originating from an exchange hack.
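The kind of check those exchange monitoring tools perform is a forward trace through the transaction graph from known hack addresses, which still links a deposit back to the theft when the funds were swapped between chains on the way. The following is an added illustration written for this article, not Chainalysis’s code and not Reactor’s logic; the ledger is constructed, and it assumes the inbound and outbound legs of a swap service can be matched (which in practice needs the service’s records or heuristics).

```python
from collections import deque

# Constructed sample ledger (not real data): each transfer is (sender, receiver, chain).
# A "swap:" node stands for a swap/bridge service whose inbound and outbound legs sit
# on different chains; that is how a chain hop appears in the graph. Matching the two
# legs of a swap to each other is an assumption of this example.
SAMPLE_TRANSFERS = [
    ("hack_victim_hotwallet", "attacker_1", "btc"),
    ("attacker_1", "swap:btc-to-eth", "btc"),
    ("swap:btc-to-eth", "attacker_2", "eth"),          # chain hop BTC -> ETH
    ("attacker_2", "swap:eth-to-algo", "eth"),
    ("swap:eth-to-algo", "attacker_3", "algo"),        # chain hop ETH -> ALGO
    ("attacker_3", "exchange_deposit_7", "algo"),      # lands on a KYC exchange
    ("attacker_1", "otc_broker_rogue", "btc"),         # cash-out via an OTC desk
    ("unrelated_user", "exchange_deposit_8", "eth"),   # clean deposit, no link to the hack
]


def build_graph(transfers):
    """Adjacency list: sender -> list of (receiver, chain)."""
    graph = {}
    for sender, receiver, chain in transfers:
        graph.setdefault(sender, []).append((receiver, chain))
    return graph


def trace_taint(transfers, seeds, max_hops=10):
    """Breadth-first forward trace from the seed (hack) addresses.

    Returns {address: (hops, path)}, where path is the list of (address, chain)
    steps from the seed. The first (shortest) path to each address is kept.
    """
    graph = build_graph(transfers)
    tainted = {seed: (0, [(seed, None)]) for seed in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        hops, path = tainted[node]
        if hops >= max_hops:
            continue
        for receiver, chain in graph.get(node, []):
            if receiver not in tainted:
                tainted[receiver] = (hops + 1, path + [(receiver, chain)])
                queue.append(receiver)
    return tainted


def chains_on_path(path):
    """Ordered list of chains the funds passed through, consecutive repeats collapsed."""
    chains = []
    for _, chain in path:
        if chain and (not chains or chains[-1] != chain):
            chains.append(chain)
    return chains


def screen_deposit(deposit_addr, tainted):
    """Exchange-side check: is this deposit address downstream of a known hack?

    Returns a dict with flag=False for a clean deposit, or flag=True plus the
    hop count, the number of chain hops and the route back to the seed.
    """
    if deposit_addr not in tainted:
        return {"flag": False}
    hops, path = tainted[deposit_addr]
    chains = chains_on_path(path)
    return {
        "flag": True,
        "hops": hops,
        "chain_hops": len(chains) - 1,
        "route": [addr for addr, _ in path],
    }


if __name__ == "__main__":
    tainted = trace_taint(SAMPLE_TRANSFERS, ["hack_victim_hotwallet"])
    for deposit in ("exchange_deposit_7", "exchange_deposit_8", "otc_broker_rogue"):
        print(deposit, screen_deposit(deposit, tainted))
```

Run as a script, the trace flags `exchange_deposit_7` six hops out with two chain hops (BTC to ETH to ALGO), flags the rogue OTC broker two hops out on a single chain, and clears `exchange_deposit_8`. The point of the example is that a swap between chains does not sever the graph as long as the swap service’s legs can be joined, which is why unregulated services that refuse to cooperate are what chain hopping actually depends on.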
This is a good sign, since for many months ill-coordinated efforts had nothing to show for it. It also suggests that exchanges are stepping up and keeping a vigilant eye on attempts to launder stolen money internationally.
Now, it should be noted that the report in question never explicitly named the exchanges involved. Nonetheless, a past Chainalysis study had found Binance and Huobi to be the two crypto exchanges that received the most funds from criminal entities last year: a total of almost 1.4 billion in Bitcoin. Thus, the probability that one of these two exchanges was involved is significantly high.
Both Huobi and Binance, two of the biggest crypto exchanges operating worldwide, are subject to KYC regulations. One can thus say that the successful identification of these accounts, and the crypto exchanges’ assistance in doing so, is a victory of sorts for those who have been clamoring for more cryptocurrency regulation.
Before the DoJ’s announcement, the Lazarus Group had already made news headlines after F-Secure’s Threat Intelligence Team tracked the group’s latest attack, which was delivered through an advert on LinkedIn. Before that, the group was also suspected of being responsible for an $81M ‘heist’ that severely crippled Bangladesh Bank.