Chainalysis links Lazarus to KuCoin hack worth $280m

The Lazarus hacking group, tied to the North Korean authorities, was behind the KuCoin cryptocurrency exchange attack that caused about $280 million in losses. Chainalysis analysts reached that conclusion.

North Korea-affiliated cybercrime syndicate Lazarus Group carried out the biggest cryptocurrency exchange hack of 2020, and the third-largest of all time. Learn more here. https://t.co/ERwrvXqgzu

— Chainalysis (@chainalysis) February 9, 2021

KuCoin was hacked in November. The exchange managed to identify suspects (no further details were provided) and subsequently recovered 84% of the $280 million of the stolen funds.

Experts attributed the incident to Lazarus based on a money-laundering “fingerprint” identified in prior Lazarus-linked episodes.

The attackers used a combination of mixers, exchange services and DeFi protocols. Transfers to mixers were made in amounts just below round numbers in BTC. Before sending the next batch of assets, the hackers waited for confirmation of the previous withdrawal. After mixing, the funds were sent to OTC brokers.

Chainalysis did not rule out that the stolen funds would go toward developing nuclear weapons.

In the diagram below, green lines indicate the movement of ETH or tokens. Purple highlights denote interactions with DeFi protocols.

Money-laundering diagram by the Lazarus group. Data: Chainalysis.

Use of DeFi marked a shift in Lazarus’s money-laundering strategy, specialists noted. The chart below shows the distribution of stolen funds across various channels.

Distribution of stolen Lazarus funds across various channels. Data: Chainalysis.

Earlier, UN experts reached similar conclusions about Lazarus’ involvement in the KuCoin hack. They estimated that the total amount stolen by North Korean hackers from 2019 through November 2020 exceeded $316.4 million, including $281 million from the KuCoin hack, although the exchange itself was not named. It is not ruled out that the UN used data from the analytics firm.

Chainalysis estimates that between 2018 and 2019 Lazarus stole cryptocurrency totaling about $1.75 billion, including $48.2 million from the Upbit hack.

Volume of Lazarus funds stolen in cryptocurrency exchange hacks. Data: Chainalysis.

In 2019, the UN said that North Korea attacked major crypto exchanges to obtain foreign currency to mitigate the impact of international sanctions. Analysts argued that these attacks helped North Korea steal about $2 billion.

North Korea denied the allegations.

In 2020, experts said that North Korea used cryptocurrency worth $1.5 billion to finance international trade and supply chains in circumventing sanctions.

According to U.S. military data, more than 6,000 hackers are at work worldwide under North Korea’s direction .

Follow ForkLog news on VK!