North Korean Lazarus Group moves BTC around after weeks of inactivity

Blockchain analyst Arkham Intelligence detected movement in the portfolio of North Korean hackers Lazarus Group on Jan. 8.

North Korean hackers Lazarus Group moved over $1 million worth of Bitcoin (BTC) on Jan. 8 after weeks of inactivity.

According to blockchain analysts Arkham Intelligence, the Lazarus Group transferred 27.371 BTC, worth $1.2 million at the current price, in two transfers from what the analysts took to be a cryptocurrency mixer. Lazarus Group then sent 3.343 BTC, worth $150,582, to an inactive address it had used before.

Arkham showed $79 million in the Lazarus Group portfolio after the transactions. While it is impossible to guess the intentions of the criminal group, the transfers could indicate that it is preparing for more activity.

Lazarus Group is allegedly sponsored by the North Korean government. It has been blamed for a third of all hacks committed in 2023, hauling in up to $700 million that year. The group has reportedly used innovative techniques such as using fake job offers to gain access to its targets and posing as well-known venture capitalists.

Lazarus Group’s portfolio balance for the last three months. Source: Arkham Intelligence

Lazarus Group reportedly stole around $3 billion between 2017 and 2023. This included the massive Ronin Bridge hack in March 2022, when Ether (ETH) and USD Coin (USDC) worth over $600 million were taken from the play-to-earn game Axie Infinity, developed by the Vietnamese studio Sky Mavis. It was the largest hack in crypto history.

Lazarus Group activity has also triggered a string of actions by the United States Treasury Department’s Office of Foreign Assets Control (OFAC), which sanctioned a crypto mixer — Blender.io — for the first time in response to the Ronin Bridge incident. Since then, OFAC has sanctioned Tornado Cash, as well as individuals, for their connections to Lazarus Group.