The United States government filed two legal complaints on Oct. 4 to begin seizing more than $2.67 million in digital assets stolen by the North Korean Lazarus Group of hackers.
According to the legal filings, the US government seeks to recover about $1.7 million in Tether (USDT) stolen by the organization in the 2022 Deribit hack, which left the options exchange drained of $28 million.
Once the hackers successfully breached a Deribit hot wallet, they passed the funds through the Tornado Cash mixer and several Ethereum (ETH) addresses in an attempt to avoid detection.
US law enforcement officials also filed to recover about $970,000 in Avalanche-bridged Bitcoin (BTC.b) stolen in the Lazarus Group's 2023 hack of the Stake.com gambling platform. The malicious attack left Stake with more than $41 million in losses.
Related: Hackers got away with $440M in 28 exploits in Q3: Report
Lazarus Group behind crypto hacks
The Deribit and Stake.com hacks represent only a small fraction of attacks linked to the Lazarus Group. Onchain sleuths suspect the July 2024 hack of the WazirX exchange, which left the platform drained of about $235 million, was also perpetrated by the Lazarus Group.
An Aug. 15 report from onchain detective ZackXBT also uncovered a network of North Korean developers who have infiltrated at least 25 crypto projects. The onchain sleuth revealed that the developers were using fake names to gain access to the projects to compromise code and loot treasuries. ZackXBT said that all the developers identified were probably working for a single entity.
FBI issues warning
The FBI issued a series of warnings about the Lazarus Group in September, including one about social engineering scams.
One of these scams involved sending out fake job offers and applications to unsuspecting users. Once the hackers built sufficient rapport with the victims and persuaded them to download malware disguised as employment documentation, the users would be subject to theft or the loss of sensitive personal data.
Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec