North Korea’s Lazarus APT group has executed a series of high-value cryptocurrency heists, amassing over $240 million since June 2023, according to a report by Elliptic, a blockchain cybersecurity firm.
Furthermore, their targets included Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), and Stake.com ($41 million). The group is also suspected of stealing $31 million from CoinEx, a prominent global cryptocurrency exchange. Elliptic’s analysis reveals that some of the stolen funds were laundered through various blockchain networks, indicating the Lazarus group’s evolving tactics.
The report highlights the escalation in Lazarus’ cyber operations, with five confirmed attacks on cryptocurrency entities since June 2023, including a suspected breach of CoinEx in September.
Notably, the group has transitioned from targeting decentralized services to centralized ones, primarily centralized virtual asset service providers, reflecting a tactical shift motivated by increased cybersecurity measures in the decentralized finance (DeFi) sector. These centralized exchanges are more vulnerable to social engineering attacks, emphasizing the need for robust cybersecurity in the crypto industry.
The research underscores the significant financial impact of private key breaches, totaling approximately $291.3 million, with 77.7% stemming from the five major incidents covered in the analysis. In September alone, losses exceeded $120 million, largely attributed to the Stake.com and CoinEx exploits.
The Lazarus group’s modus operandi involves spear-phishing Web3 company personnel to compromise sensitive credentials, prompting a call for heightened vigilance among employees in the Web3 sector, especially regarding unsolicited job offers with enticing compensation packages.
