Tornado Cash Allows The Lazarus Group To Launder 400 ETH!

The Lazarus Group, a hacking collective affiliated with North Korea, continues its illegal activities by exploiting crypto. Recently, a transaction of 400 ETH, amounting to approximately 750,000 dollars, was identified on Tornado Cash, a platform known for anonymizing blockchain transactions. Meanwhile, the group has launched a new malware campaign targeting developers, confirming its evolution towards increasingly sophisticated attacks.

Lazarus Group and Tornado Cash: An infernal duo for your crypto?

On March 13, 2024, the security firm CertiK detected this transaction linked to Lazarus. The group, already responsible for several major crypto hacks, including Bybit ( 1.4 billion dollars in February ) and Phemex (29 million in January), regularly uses services like THORChain to conceal its funds. In five days, nearly 2.91 billion dollars are estimated to have flowed through this decentralized protocol, making any recovery attempt extremely complex.

For several years, Lazarus has relied on various methods to evade authorities, notably by exploiting mixers like Tornado Cash. These services, although legitimate for preserving the confidentiality of crypto transactions, are often diverted for criminal purposes.

An offensive targeting developers

Beyond money laundering , Lazarus has intensified its attacks against software developers. Six new malwares have been spotted on the Node Package Manager (NPM) platform, an essential service for managing JavaScript libraries. Among them is the malicious software BeaverTail, which mimics popular libraries by slightly altering their names, a technique known as typosquatting.

These malwares allow hackers to access sensitive data, including credentials stored in Chrome, Brave, and Firefox browsers, as well as Solana and Exodus wallets. Several crypto-entrepreneurs have also been targeted by fake Zoom invitations, where hackers pose as crypto investors to trick their victims into downloading infected files.

A growing risk for the crypto ecosystem

According to Chainalysis, North Korean hackers have stolen 1.3 billion dollars in 2024, more than double that of the previous year. This increase highlights a persistent threat to the security of crypto assets.

The use of Tornado Cash and THORChain thus underscores the difficulties faced by authorities to trace and block these funds . In the face of these repeated attacks, crypto developers and companies must strengthen their security measures to limit their exposure to cybercriminals.