Recent reports indicate that a North Korean hacking syndicate has acquired assets worth more than $40 million in Bitcoin (BTC). This comes after numerous attacks on cryptocurrency exchanges and wallets. The group, which is backed by the state, has been accused of hacking Atomic Wallet, CoinEX and Alphao, sparking a wave of illegal takeovers. However, experts say Lazarus Group’s true holdings may be much larger.
Lazarus Group is causing fear in the cryptocurrency space
New on-chain data provided by Dune Analytics shows that Lazarus Group appears to hold $42.5 million in Bitcoin and $1.1 million in Ethereum, as well as some stablecoin. These figures come from an analysis of 295 wallets linked to the group, which were identified by U.S. authorities following a series of spectacular attacks on various industry players.
Nevertheless, experts warn that the group’s actual holdings could be much higher, as the hackers may be operating unknown addresses that are difficult to trace. The $47 million figure is therefore only the lower end of the estimate.
The Lazarus Group syndicate came under the spotlight after Stake.com was hacked in early September, causing the platform’s value to drop by $46 million. In addition, law enforcement authorities have identified the same hackers as responsible for a number of other security breaches, such as the hacks of CoinEx, CoinsPaid and Atomic Wallet. This allowed the attackers to illegally obtain a total of more than $100 million.
Chainlaysis reassuring, and US authorities are sounding the alarm
Nonetheless, Chainlaysis analysts noted that Lazarus Group’s business has declined markedly, with the gang earning only $340.4 million since the beginning of this year. This represents a significant drop from the results of a year ago, when the group gained more than $1 billion thanks to spectacular hacks of cryptocurrency exchanges and DeFi projects.
Meanwhile, U.S. authorities are warning of potential increased ransomware attacks, especially in the healthcare sector. Knowing that the Lazarus group is capable of stealing huge sums of money, there is concern that it may try to attack critical infrastructure sectors.
Cryptocurrencies a way to finance North Korea’s nuclear program
North Korea is forced to use stolen cryptocurrencies to fund its nuclear program, according to a United Nations (UN) report. Harsh international sanctions have restricted the regime’s ability to access traditional financial resources, causing it to turn to cryptocurrencies as an alternative source of funding. This phenomenon has caused deep international concern, and South Korea has even introduced new sanctions on North Koreans involved in financing the nuclear weapons program through ransomware attacks. Thus Jin-hyok, one of the main actors involved in these activities, was blacklisted by the US Federal Bureau of Investigation (FBI) and the US Treasury Department.
The actions of the North Korean hacking syndicate leave questions about the scale of the cyber threat facing the world. Combating groups like the Lazarus Group is a priority for authorities, both in terms of national security and protecting financial markets.
