
Lazarus Group beefs up attacks, new report claims group is responsible for $240M stolen in 104 days


North Korean hacker group Lazarus has continued to ramp up its cyberattacks this year.

A new report suggests that the group has successfully stolen $240M in the last three months.

Lazarus Group pulled off a lot of attacks successfully

According to a new report from Elliptic, a blockchain analytics company, the hacking group is behind five recent hacks in the crypto space. The Federal Bureau of Investigation (FBI) has confirmed that the group is behind four of the five.

The series of attacks began in June with Atomic Wallet losing $100M. Then followed CoinsPaid in late June, Alphapo in July, and earlier this month.

The latest attack was on the centralised crypto exchange CoinEx. According to reports, the group stole $55M from the exchange on September 12.

All in all, Elliptic estimates that Lazarus Group is responsible for theft totalling $240M in the past 104 days alone.

“Elliptic analysis confirms that some of the funds stolen from CoinEx were sent to an address which was used by the Lazarus group to launder funds stolen from the Drake-backed crypto casino, albeit on a different blockchain,” wrote Elliptic.

On Friday, CoinEx published an open letter to hackers demanding that they get in touch with the company via email or the blockchain to discuss a bug reward and possible refund.


Shift in tactic

The catastrophic $625 million loss suffered by the gaming-focused blockchain network Ronin was one of the high-profile attacks linked to this group last year. Elliptic’s study implies that the hacker group may be shifting its strategy after a period of relative calm.

“An analysis of Lazarus’ latest activity suggests that since last year, they have shifted their focus from decentralised services to centralised ones,” Elliptic said. “Four of the five recent hacks discussed previously are of centralised virtual asset service providers.”

The reasons for this shift in focus may be linked to the recent reinforcement of security on decentralised exchanges. Lazarus Group also employs social engineering as a hacking tool, which is more effective against centralised exchanges.

“Centralised exchanges, meanwhile, will likely operate bigger workforces, thus widening the scope of possible targets,” Elliptic noted. “They are also likely to operate using centralised internal information technology systems, allowing Lazarus malware a greater chance to penetrate the intended functions of their business.”
