October 10, 2023
Severity
High
Analysis Summary
Cybersecurity experts have stated that approximately $7 billion in cryptocurrency has been illegally laundered via cross-chain crime, with North Korea’s Lazarus Group being linked to the theft of almost $900 million between July 2022 and 2023.
The rise of cross-chain crime, particularly in crypto thefts, scams, Ponzi schemes, and money laundering, is significant, with North Korea’s Lazarus Group playing a prominent role. According to the report, this cyber threat actor group is responsible for approximately one-seventh of all cross-chain crime, having laundered over $900 million through such methods. Law enforcement crackdowns on mixers have prompted threat actors, including nation-state actors and cybercrime groups, to adopt chain-hopping or asset-hopping tactics for laundering stolen assets. The report also highlights how threat actors exploit the limitations of mainstream blockchain analytics solutions, which hampers the identification and monitoring of cross-chain activity.
Cross-chain crime is the conversion of crypto assets from one blockchain or token to another in order to obscure their origin. It is a method widely used by threat actors to launder cryptocurrency. According to the acquired data, Lazarus accounts for the majority of the 111% increase in funds sent through these services.
The APT group is estimated to have stolen almost $240 million in cryptocurrency since the start of June this year. Its main targets were Atomic Wallet, Alphapo, CoinsPaid, CoinEx, and Stake.com.

“Bridging back-and-forth for the sake of obfuscation – i.e. ‘chain-hopping’ – is now a recognized money laundering typology.”
The group has also used Avalanche Bridge to deposit more than 9,500 bitcoin, alongside other cross-chain solutions. The methods used by North Korean hacker groups are designed to infiltrate the PCs of IT maintenance companies by distributing malware through phishing emails.
The emergence of this new era of crypto crime has significant implications for virtual asset service providers and law enforcement investigators, particularly in the context of cross-chain services such as DEXs and bridges. To ensure ongoing innovation and their vital role in advancing the decentralized finance ecosystem, developers of these services must proactively address and manage these risks, concludes the report.
Recommendations
- Cryptocurrency companies should bolster their overall security posture by implementing advanced security measures, including multi-factor authentication (MFA), strong access controls, and encryption.
- Develop and regularly update an incident response plan that outlines the steps to take in case of a security breach. Test the plan through simulations to ensure its effectiveness.
- Conduct regular security audits and vulnerability assessments to identify and remediate potential weaknesses within cryptocurrency platforms and wallets.
- Educate users about security best practices, including how to recognize phishing attempts, safeguard private keys, and enable strong authentication methods.
- Perform red team exercises to simulate attacks and identify vulnerabilities.
- Deploy advanced threat detection tools that monitor for anomalous activities and unauthorized access attempts on cryptocurrency platforms.
- Work closely with law enforcement agencies to provide necessary information, cooperate during investigations, and aid in tracking down threat actors.
- Maintain transparent communication with users and stakeholders about security incidents, the measures taken to mitigate risks, and any recommended actions.
- Implement continuous monitoring of networks and systems to quickly detect and respond to any suspicious activities or unauthorized access.
- Be aware of geopolitical tensions and political developments that might impact the threat landscape. Such awareness can inform security strategies.