The North Korean hacking collective Lazarus Group has resumed activity by transferring $1 million worth of Bitcoin on January 8, after a period of silence. Blockchain analysis firm Arkham Intelligence tracked two transactions amounting to 27,371 Bitcoin, valued at $1.2 million, from an address believed to be a cryptocurrency mixer.
Subsequently, Lazarus Group moved an additional $150,582 worth of 3,343 Bitcoin to a previously inactive address they controlled. Arkham Intelligence revealed that the group’s portfolio holds $79 million, suggesting potential preparation for future cyber activities, though their exact intentions remain unclear.
Lazarus Group, allegedly supported by the North Korean government, was responsible for a third of all cyberattacks in 2023, amounting to $700 million in damages. They are known for using sophisticated techniques such as fake job offers and impersonating venture capitalists to reach their targets.
Between 2017 and 2023, Lazarus Group reportedly stole approximately $3 billion in cryptocurrency assets, including over $600 million in Ethereum and USD Coin from the play-to-earn game Axie Infinity’s Ronin Bridge in March 2022, marking one of the largest hacks in crypto history.
The group’s activities prompted the U.S. Treasury’s Office of Foreign Assets Control (OFAC) to sanction the crypto mixer Blender.io in response to the Ronin Bridge hack, the first such action against a crypto mixer. Since then, OFAC has expanded sanctions to individuals linked to Lazarus Group and Tornado Cash. Governments continue to implement stringent regulations to protect citizens from cyberattacks in the crypto market.