The North Korean hacker group Lazarus over the past 3-odd months has abducted cryptocurrency totaling almost $240 million, according to a report by the analytical company Elliptic on September 15th.
According to Elliptic, the Lazarus group is associated with five large hacker attacks on cryptocurrency platforms in recent times. The most recent target was the global cryptocurrency exchanger Coinex, where approximately $54 million was stolen. Elliptic believes that Lazarus is most likely behind this hack.
An analysis by Elliptic confirms that part of the funds stolen from Coinex was transferred to an address previously used by Lazarus to launder the funds stolen from the Stake cryptocasino.
The FBI recently stated that Lazarus stole $41 million in cryptocurrency from this platform. These data are consistent with previously published conclusions of the ZACHXBT researcher, who claimed that Coinex hackers accidentally tied their address “with the address using the address used in the attack on Stake. The stolen funds were then transferred to Ethereum using a “bridge” previously used by Lazarus.
In addition, Lazarus hackers mixed stolen products with addresses noticed during the Stake hacking and used the address involved in the hacker attack on Atomic Wallet in the amount of $100 million in June.
“In the light of this blockchain activity and the lack of data indicating other threats, Elliptic agrees that the Lazarus group should be suspected for the abduction of funds with Coinex,” the researchers noted.
Elliptic also emphasized that the recent attacks of the group are aimed at centralized platforms, possibly due to the fact that social engineering is more effectively applicable to such purposes.
Coinex had earlier published an open letter to hackers with a request to contact the company to discuss the possible return of stolen funds under “profitable” conditions. However, it is unlikely that Lazarus hackers will be interested in such a proposal.