The North Korean hacker group, Lazarus, notorious for its involvement in large-scale cryptocurrency heists, has reportedly transitioned to using the YoMix bitcoin mixer for laundering stolen funds. This shift comes after governments imposed sanctions on several bitcoin mixing services previously utilized by the threat actor. According to Chainalysis, YoMix has experienced a substantial influx of funds throughout 2023, primarily attributed to Lazarus’ activities, signaling a strategic adaptation by the group to evade scrutiny.
Lazarus’ operations extend beyond crypto theft, with proceeds believed to finance both the group’s activities and North Korea’s weapons development program. Recent high-profile cryptocurrency thefts linked to Lazarus include the Ronin Network hack in March 2022, the Harmony Horizon hack in June 2022, and the Alphapo heist in July 2023. Despite the identification and sanctioning of platforms used by Lazarus for laundering, such as Blender and Tornado Cash, the group continues to pivot to new services like YoMix, underscoring the challenges faced by authorities in disrupting illicit financial activities.
Chainalysis highlights a significant surge in YoMix activity in the second quarter of 2023, sustained throughout the year, largely fueled by money laundering associated with crypto hacks. This growth demonstrates the ability of sophisticated threat actors like Lazarus to adapt and find alternative obfuscation services when previous options are shut down. Additionally, the report reveals trends in the concentration of money laundering activities at select fiat off-ramping services, indicating criminals’ efforts to diversify their operations to evade detection and asset freezing by law enforcement and compliance teams.
The report by Chainalysis offers insights into the evolving landscape of cryptocurrency-related illicit activities, revealing fluctuations in the movement of funds and the strategies employed by threat actors to launder proceeds. Despite regulatory efforts and the targeting of specific platforms, the resilience and adaptability of groups like Lazarus pose ongoing challenges for authorities seeking to combat financial crime in the digital realm.
