Lazarus Group Faces Asset Seizure as US Targets Stolen Crypto

The US government has filed legal complaints to seize over $2.67 million in digital assets stolen by the North Korean Lazarus Group.

a room of crypto hackers

Governments are increasingly stepping up their efforts to regulate the use of cryptocurrencies, particularly those that enhance user privacy, amid concerns over money laundering and illicit activities. A recent academic paper suggests that targeting privacy-preserving blockchains, such as Monero, could help combat financial crimes, while the United States government has filed legal complaints to recover millions in digital assets stolen by North Korean hackers. 

Lazarus Group logo

US Government Moves to Seize Over $2.67 Million in Digital Assets Stolen by North Korean Lazarus Group

The United States government filed two legal complaints on Oct. 4, 2024, aiming to seize more than $2.67 million in digital assets linked to the notorious Lazarus hacking group. The digital assets were stolen in two high-profile hacks targeting the Deribit options exchange in 2022 and the Stake.com gambling platform in 2023.

According to court documents, the US government seeks to reclaim approximately $1.7 million in Tether (USDT) stolen in the 2022 Deribit hack, which resulted in a loss of $28 million for the cryptocurrency options exchange. The hack involved Lazarus Group breaching Deribit’s hot wallet, then funneling the stolen assets through the Tornado Cash mixer—an anonymizing service—followed by several Ethereum addresses in an attempt to avoid being traced by law enforcement.

The second legal filing targets roughly $970,000 in Avalanche-bridged Bitcoin (BTC.b) that was stolen in the 2023 Stake.com hack. The Lazarus Group’s attack on the popular gambling platform led to more than $41 million in losses, making it one of the most severe crypto-related security breaches in recent history.

Both filings mark a concerted effort by the US government to not only recover funds from the Lazarus Group’s hacking operations but also to disrupt the organization’s financial infrastructure, which is reportedly used to fund illicit activities on behalf of the North Korean government.

The Lazarus Group, a state-sponsored hacking organization based in North Korea, has been implicated in a series of high-profile cyberattacks on cryptocurrency exchanges and other digital financial platforms. The group’s activities are believed to be part of a broader strategy by the North Korean regime to circumvent international sanctions through cybercrime.

The Deribit and Stake.com hacks, while substantial, represent only a fraction of the group’s operations. On-chain investigators have linked the Lazarus Group to numerous other attacks, including the July 2024 breach of the WazirX exchange. This incident saw over $235 million stolen from the platform, further cementing the Lazarus Group’s reputation as a global menace in the cryptocurrency space.

The group's use of advanced techniques, such as leveraging decentralized finance (DeFi) platforms, cross-chain bridges, and anonymizing mixers, has made them a difficult target for authorities. However, the Oct. 4 filings reflect growing success in law enforcement’s ability to track stolen assets on-chain, signaling a potential shift in the fight against state-sponsored hacking.

North Korean Developers Infiltrating Crypto Projects

The Lazarus Group’s cybercrime activities extend beyond direct attacks on exchanges. In an alarming report released on Aug. 15, 2024, on-chain sleuth ZackXBT revealed that North Korean developers have infiltrated at least 25 cryptocurrency projects. Operating under fake identities, these developers reportedly compromised codebases and looted project treasuries, all while working under the direction of a single North Korean entity.

This revelation raises serious concerns about the security of decentralized finance projects and the broader crypto ecosystem. With rogue developers accessing critical infrastructure, the Lazarus Group’s reach extends well beyond the hacks that make headlines, posing an ongoing threat to the cryptocurrency community.

In response to the Lazarus Group’s persistent cyberattacks, the US Federal Bureau of Investigation (FBI) issued multiple warnings in September 2024. The FBI highlighted the group’s use of social engineering scams to target unsuspecting individuals.

One such scam involved fake job offers designed to trick victims into downloading malware disguised as employment documents. After building a rapport with their targets, the hackers would encourage them to open these malicious files, leading to theft or the exposure of sensitive personal data.

The US government’s aggressive moves to recover stolen digital assets signal a growing international effort to crack down on state-sponsored cybercrime. The Lazarus Group’s continued activities also highlight the persistent vulnerabilities in the crypto space, especially concerning the use of decentralized finance platforms, mixers, and cross-chain bridges for laundering stolen assets.

As the legal battle to recover stolen funds unfolds, the case could set important precedents for law enforcement's ability to track and seize digital assets in cybercrime cases. 

Cryptocurrency exchanges, DeFi platforms, and other digital asset providers will likely face increased pressure to enhance their security protocols in response to these developments. In addition, regulators around the world may accelerate their efforts to establish stronger frameworks for digital asset security, particularly in the context of protecting consumers from state-sponsored cyberattacks.

a digital blockchain

Academic Paper Suggests Targeting Privacy-Preserving Cryptocurrencies to Combat Money Laundering

In a paper titled "Reconciliation of Anti-Money Laundering Instruments and European Data Protection Requirements in Permissionless Blockchain Spaces," published in the Journal of Cybersecurity, the author suggests that governments should consider targeting cryptocurrencies—particularly privacy-preserving chains like Monero—to combat money laundering. The paper explores various methods of undermining trust in permissionless blockchains and outlines the difficult balance between enforcing anti-money laundering (AML) regulations and preserving user privacy in the European Union’s data protection framework.

The paper's insights, published in 2021, have recently gained renewed relevance, as debates around the use of cryptocurrencies for illicit purposes intensify. Privacy-enhancing cryptocurrencies and decentralized platforms like mixers are increasingly under scrutiny by regulators, especially in light of the rise in digital asset adoption and the regulatory challenges it presents.

In the academic paper, the author outlines several methods that could potentially be employed by governments to undermine trust in permissionless blockchain networks. These methods include:

  • 51% Attacks: This involves a group gaining majority control of a network's mining or staking power, enabling them to alter the blockchain's transaction history or double-spend assets.
  • Price Suppression: Through market manipulation, governments could cause the price of privacy-focused cryptocurrencies to plummet, reducing confidence in their use as a store of value.
  • Sybil Attacks: A malicious actor creates numerous fake identities within a network to gain disproportionate influence, allowing them to manipulate or disrupt its operations.

These strategies, the author argues, could shake user confidence in permissionless blockchains by casting doubt on the ability of the network’s protocol to ensure smooth and secure operations. Undermining the security and stability of blockchain networks could, in turn, dissuade users from adopting privacy-enhancing cryptocurrencies, potentially curbing their use for money laundering and other illicit activities.

However, the paper warns that such drastic measures should only be considered as a last resort, once other regulatory approaches have been exhausted. The author argues that governments should first focus on more conventional tools, such as:

  • Blacklisting suspicious wallet addresses
  • Flagging suspicious transactions
  • Enforcing sanctions on known bad actors
  • Strengthening existing Know Your Customer (KYC) and AML regulations

The paper ultimately calls for a nuanced approach that balances the need for regulatory compliance with the importance of innovation and user privacy. As the author concludes, any action taken should aim to promote both the safety of the financial system and the protection of individual privacy rights.

Monero and the Debate Over Privacy Coins

Although the paper was published in 2021, its findings are now being viewed through a sharper lens, particularly in the context of privacy coins like Monero. Some observers have begun to theorize that tactics similar to those proposed in the academic paper may already be in play, as seen in the perceived manipulation of Monero’s price. 

Monero has long been in the crosshairs of regulators due to its privacy-preserving features, which make it difficult for law enforcement agencies to track transactions. The debate over the cryptocurrency has escalated in recent years, with some exchanges, including Kraken, opting to delist Monero in specific jurisdictions such as the European Economic Area.

This renewed focus on privacy coins has led to questions about their viability in an increasingly regulated environment. As governments worldwide seek to clamp down on crypto-related money laundering, privacy coins like Monero find themselves at the center of the debate between financial transparency and individual privacy.

One of the central questions raised by critics is whether the focus on cryptocurrency-related money laundering is an excuse for governments to impose tighter control over digital assets. Several reports have suggested that the use of cryptocurrencies for criminal activities is relatively low compared to traditional forms of finance.

In 2022, United Nations officials revealed that terrorist organizations predominantly use cash to finance illicit activities, a claim that was later corroborated by the United States Treasury. According to a 2024 report from the US Treasury, fiat currency remains the preferred medium for criminal enterprises, even when digital assets are used in illicit schemes.

The Treasury report further admitted that the crimes committed using digital assets often mirror age-old scams that could just as easily have been carried out using cash or other forms of value. This raises questions about the true motivations behind the regulatory crackdown on cryptocurrencies and whether traditional financial systems are receiving less scrutiny despite being the primary tool for money laundering and terrorism financing.

Despite these findings, governments around the world continue to target privacy-enhancing tools in the cryptocurrency space. A high-profile example is the ongoing legal case against Roman Storm, co-founder of the Tornado Cash mixer. Tornado Cash, which enables users to obscure the origin of their transactions, has faced severe backlash from regulators, particularly in the United States.

On Sept. 26, 2024, a US judge ruled that the case against Storm could proceed, marking a significant step in the government’s efforts to curtail the use of crypto mixers for illicit purposes. Tornado Cash has been accused of facilitating money laundering by enabling users to anonymize transactions, making it difficult for law enforcement agencies to trace funds back to their origin.

This crackdown on privacy-enhancing tools has ignited a heated debate within the cryptocurrency community. While some argue that tools like Tornado Cash play an essential role in maintaining user privacy, others contend that such services are too easily abused by bad actors, necessitating stricter regulation or outright prohibition.

As the regulatory landscape continues to evolve, the fate of privacy coins and crypto mixers remains uncertain. Many experts believe that regulators are unlikely to allow these tools to operate freely without significant oversight. The recent actions taken by the US government, along with similar moves in other jurisdictions, indicate that a more stringent regulatory framework is on the horizon.

For privacy coins like Monero, this could mean tighter restrictions on where and how they can be traded. Several exchanges have already delisted Monero in response to regulatory pressure, and more may follow suit if the global crackdown on privacy coins intensifies.