Lazarus Group sends 400 ETH to Tornado Cash, deploys new malware

North Korean-affiliated hacking collective the Lazarus Group has been moving crypto assets using mixers following a string of high-profile hacks.
On March 13, blockchain security firm CertiK alerted its X followers that it had detected a deposit of 400 Ether (ETH) worth around $750,000 to the Tornado Cash mixing service.
“The fund traces to the Lazarus group’s activity on the Bitcoin network,” it noted.
The North Korean hacking group was responsible for the massive Bybit exchange hack that resulted in the theft of $1.4 billion worth of crypto assets on Feb. 21.
It has also been linked to the $29 million Phemex exchange hack in January and has been laundering assets ever since.
Lazarus Group crypto asset movements. Source: CertiK
Lazarus has also been linked to some of the most notorious crypto hacking incidents, including the $600 million Ronin network hack in 2022.
North Korean hackers stole over $1.3 billion worth of crypto assets in 47 incidents in 2024, more than doubling thefts in 2023, according to Chainalysis data.
New Lazarus malware detected
According to researchers at cybersecurity firm Socket, Lazarus Group has deployed six new malicious packages to infiltrate developer environments, steal credentials, extract cryptocurrency data and install backdoors.
It has targeted the Node Package Manager (NPM) ecosystem, which is a large collection of JavaScript packages and libraries.
Researchers discovered malware called “BeaverTail” embedded in packages that mimic legitimate libraries through typosquatting, a naming tactic used to deceive developers.
“Across these packages, Lazarus uses names that closely mimic legitimate and widely trusted libraries,” they added.
The malware also targets cryptocurrency wallets, specifically Solana and Exodus wallets, they added.
Code snippet showing Solana wallet attacks. Source: Socket
The attack targets files in Google Chrome, Brave and Firefox browsers, as well as keychain data on macOS, specifically targeting developers who might unknowingly install the malicious packages.
The researchers noted that attributing this attack definitively to Lazarus remains challenging; however, “the tactics, techniques, and procedures observed in this npm attack closely align with Lazarus’s known operations.”
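One way a development team can check its own dependencies for the lookalike package names described above, as an added example that is not from Socket's report or the original article: it compares each dependency in a package.json against an allowlist of intended packages by edit distance. The allowlist, the distance threshold and the sample manifest are assumptions, and the lookalike names in it are constructed.

```javascript
// Added example: flag dependencies whose names sit within a small edit
// distance of a trusted package name (possible typosquats).

// Assumption: a short allowlist of packages the team actually intends to use.
const TRUSTED = ["express", "lodash", "react", "chalk", "is-buffer"];

// Optimal string alignment distance: insertions, deletions, substitutions
// and adjacent transpositions each cost 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Normalise separators so "is_buffer" and "isbuffer" compare equal to "is-buffer".
const normalise = (name) => name.toLowerCase().replace(/[-_.]/g, "");

function findLookalikes(manifest, trusted = TRUSTED, maxDistance = 2) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (trusted.includes(name)) continue; // exact match: the intended package
    for (const good of trusted) {
      const dist = editDistance(normalise(name), normalise(good));
      if (dist <= maxDistance) findings.push({ name, resembles: good, distance: dist });
    }
  }
  return findings;
}

// Constructed manifest; the lookalike names are made up for illustration.
const sampleManifest = {
  dependencies: { express: "^4.19.0", lodahs: "^4.17.0", "is_bufer": "^2.0.0" },
  devDependencies: { chalk: "^5.3.0", "left-pad": "^1.3.0" },
};

console.log(findLookalikes(sampleManifest));
```

A finding is a prompt for manual review of the package's publisher and history before install, not proof of malice; short package names produce more false positives at a threshold of 2.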