Lazarus Group’s Fake Companies Target Crypto Developers

North Korea’s Lazarus Group is exploiting fake US-registered companies to target crypto developers with malware, stealing digital assets through sophisticated job scams and phishing campaigns.

Lazarus Group’s Fake Firms Attack Crypto Industry

According to a report by cybersecurity company Silent Push, North Korean hackers associated with the Lazarus Group have created three shell companies, two of which were registered in the United States.

These fake legal entities are actively used to attack developers of various crypto projects with malware in an attempt to steal their coins. The companies in question are BlockNovas LLC and SoftGlide LLC, which are registered in the states of New Mexico and New York, respectively. 

A third company, Angeloper Agency, also appears in the investigation, but is not registered in the United States.

How cryptocurrencies are being stolen today

The ongoing attacks using the aforementioned companies are the work of Contagious Interview, a subgroup within the larger North Korean hacking operation known as Lazarus.

The fake entities in this case are used to distribute malware. Domains and subdomains associated with their activity include lianxinxiao[.]com, blocknovas[.]com, and apply-blocknovas[.]site.
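The domains above are published in defanged form (`[.]` in place of `.`) so that they cannot be clicked by accident. The following script is an added example, not code from Silent Push or the article: it refangs that indicator list and matches it against DNS query logs, flagging exact matches and subdomains (such as the `apply-blocknovas[.]site` host) while not flagging unrelated domains that merely contain the string. The log lines and their `timestamp client qname` format are constructed for the example.

```python
"""Match the article's defanged domain indicators against DNS query logs.

Added example, not from the Silent Push report. The indicator list is the
set of domains named in the article; the log lines below are constructed.
"""
import re
from dataclasses import dataclass

# Indicators exactly as published in the article (defanged with "[.]").
DEFANGED_IOCS = [
    "lianxinxiao[.]com",
    "blocknovas[.]com",
    "apply-blocknovas[.]site",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("example[.]com") back into a plain domain,
    lower-cased and without a trailing dot, so it can be compared to log data."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")


def domain_matches(query: str, indicator: str) -> bool:
    """True if the queried name equals the indicator or is a subdomain of it.

    A plain substring test would wrongly flag names like notblocknovas.com,
    so the check requires either equality or a "." boundary before the
    indicator.
    """
    q = query.lower().rstrip(".")
    return q == indicator or q.endswith("." + indicator)


@dataclass
class Hit:
    timestamp: str
    client: str
    query: str
    indicator: str


# Constructed DNS log lines in an assumed "timestamp client qname" format.
# Note the trailing-dot FQDN, the mixed case and the look-alike domain.
SAMPLE_DNS_LOG = """\
2025-04-24T09:12:01Z 10.0.4.17 github.com
2025-04-24T09:12:05Z 10.0.4.17 apply-blocknovas.site
2025-04-24T09:13:10Z 10.0.4.22 cdn.blocknovas.com.
2025-04-24T09:14:02Z 10.0.4.22 notblocknovas.com
2025-04-24T09:15:44Z 10.0.4.31 LIANXINXIAO.COM
"""

LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def scan_dns_log(log_text: str, defanged_iocs=DEFANGED_IOCS) -> list[Hit]:
    """Return one Hit per log line whose queried name matches an indicator."""
    indicators = [refang(i) for i in defanged_iocs]
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing the scan
        ts, client, qname = m.groups()
        for ind in indicators:
            if domain_matches(qname, ind):
                hits.append(Hit(ts, client, qname.lower().rstrip("."), ind))
                break  # one hit per line is enough for alerting
    return hits


if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{h.timestamp} {h.client} queried {h.query} (matches {h.indicator})")
```

Run against the constructed log, the scan reports three hits (the `apply-blocknovas.site` lookup, the `cdn.blocknovas.com` subdomain and the upper-cased `LIANXINXIAO.COM` query) and ignores both `github.com` and the look-alike `notblocknovas.com`. The same indicator handling works for proxy or web logs once the hostname field is extracted.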

According to Silent Push analysts, the purpose of these entities is to spread malware through fake job offers targeting job seekers in the crypto industry. The attacks targeted crypto project developers in order to compromise their wallets and steal their credentials, which were then used to attack the real companies those developers work for.

Experts say that criminals used fictitious identities and addresses to register companies, and fake employee profiles generated by artificial intelligence were used to give legitimacy to the organizations.

State-sponsored hacker group Lazarus has long used fake job openings as a way to spread malware. This strategy has proven particularly effective against companies associated with digital assets, since such companies usually hold their own crypto reserves that can be stolen with suitable malware and social engineering.

The most famous incident of the aforementioned strategy was the hacking of the Ronin sidechain game Axie Infinity in 2022. Back then, a fake job offer led to the compromise of an employee of developer Sky Mavis, allowing Lazarus to steal $625 million in ETH and USDC.

Another high-profile incident was the hacking of the Horizon blockchain bridge the same year, which resulted in the theft of $100 million from Project Harmony.

The UN and Chainalysis experts estimate that Lazarus attackers have stolen more than $3 billion in crypto since 2017. At the same time, attacks built around fake job offers have become one of the hackers' key tools.

Unfortunately, fighting Lazarus is an extremely resource-intensive task, as the group is funded directly by the North Korean government. The stolen funds are actively used for various government programs in the country, including the financing of weapons production.

How many bitcoins does Strategy have?

In addition to hackers, Bitcoin can be directly harmed by centralization. That risk arises whenever a single owner manages to accumulate a critically large amount of BTC under its control. Today the main candidate for such a player is Strategy, which started accumulating BTC back in August 2020.

However, even a hypothetical accumulation of 10 million coins by a single company, nearly 48 percent of Bitcoin's total supply, does not pose a threat to the cryptocurrency's protocol or price. This is the opinion of Bitcoin Standard author Saifedean Ammous, who voiced his thoughts on the matter.

If Michael Saylor ends up collecting 10 million BTC, what will he do with it? Most likely, he'll just use them as collateral to buy more bitcoins. Ultimately, I don't see how this would seriously threaten the protocol.

Ammous noted that if that were the case, Saylor would not want to make any changes to the Bitcoin protocol, as they could reduce the value of the coins he already holds.

Many crypto enthusiasts have previously expressed concerns about Bitcoin's large holders and the possible risks: market manipulation, centralization or liquidity issues.

Bitcoin price over the past month. Source: CoinMarketCap.

As of today, Strategy owns 538,200 BTC worth about $50.18 billion. At the same time, assets in the spot Bitcoin ETF trading under the ticker IBIT from the world's largest investment firm, BlackRock, total $54.48 billion, which is roughly equal to 585,000 BTC.

Together, the two companies control approximately 5.3 percent of Bitcoin's entire supply. Ammous argues that this is no cause for concern. He continues:

It's not like Michael Saylor or BlackRock executive Larry Fink personally own all these bitcoins. They have shareholders or ETF holders who are the actual owners of these coins. To the extent that BlackRock and Strategy own said coins, they do so as part of their duties to the shareholders and ETF holders.

He also explained that if BlackRock or Strategy were to dispose of these assets in a manner detrimental to holders or abuse their position, investors would simply sell the assets and find other ways to access Bitcoin. However, even such a hypothetical process would still cause serious turbulence in the market.

Laundering and Monetization Strategies

Stealing the assets is only half the challenge; laundering and converting them into usable funds is equally critical. Lazarus has demonstrated remarkable proficiency in this domain, leveraging automated tools, crypto mixers like Tornado Cash, and a network of intermediaries to obscure the financial trail.

According to blockchain analytics experts, the group operates around the clock, potentially in shifts, to quickly convert stolen cryptocurrencies into cash, minimizing the window for law enforcement intervention.

It is estimated that, following major heists, a significant portion of the assets “go dark,” becoming virtually unrecoverable as they are funneled through mixers and exchanges across multiple blockchains.

Industry Response and the Road Ahead

The scale and frequency of Lazarus’s attacks have prompted a growing recognition within the crypto industry of the need for enhanced security protocols.

Experts emphasize the importance of proactive defense strategies, including robust employee vetting, multi-factor authentication, continuous monitoring for anomalous transactions, and the development of in-house security expertise.

Regulatory bodies and law enforcement agencies have also stepped up their efforts, seizing domains, issuing public warnings, and pursuing sanctions against entities and individuals linked to North Korean cyber operations.

Despite these efforts, the Lazarus Group continues to adapt, leveraging new technologies such as artificial intelligence to generate convincing fake identities and automate aspects of their attacks.

As the cryptocurrency market matures, the ongoing battle between defenders and attackers is likely to intensify, with each side racing to outpace the other in an ever-evolving digital arms race.

The bottom line

The Lazarus Group’s evolution from phishing emails and fake companies to billion-dollar exchange breaches underscores the dynamic nature of cyber threats in the cryptocurrency sector.

Their blend of technical prowess, social engineering, and state support makes them uniquely dangerous. While the industry is becoming more resilient, the need for constant vigilance and innovation in security practices has never been clearer.

As long as vast sums of digital assets remain accessible online, Lazarus and groups like it will continue to pose a formidable challenge to both industry players and global regulators.