This article is more than 1 year old

Crypto exchanges freeze accounts tied to North Korea’s notorious Lazarus Group

Well whaddya know, the crypto ecosystem did the right thing by stiffing the WannaCry bandits

Two cryptocurrency exchanges have frozen accounts identified as having been used by North Korea’s notorious Lazarus Group.

This story starts with a crypto researcher who goes by “ZachXBT” and late last week spotted an entity called “Lazarus Group” moving 41,000 ETH “from the Harmony Bridge hack through Railgun on Jan 13-14 2023 before depositing funds on three exchanges.”

The Harmony bridge was a crypto-transfer service that was attacked in June 2022, with around $100m of crypto lost as a result of the attack.

Analysts quickly identified Lazarus Group as the sort of entity that could be interested in attacking Harmony.

Lazarus Group is identified suspected of being a cybercrime crew run by the government of North Korea and is infamous for the WannaCry ransomware, attacking Sony Pictures and stealing secrets from energy companies.

It later moved on to crypto heists and has been fingered for the theft of $620 million of crypto from game developer Sky Mavis, publisher of a crypto-centric game named Axie Infinity.

North Korea steals crypto because sanctions make it hard for the rogue nation to access fiat currencies. The nation’s murderous regime conducts wholesale human rights abuses of its citizenry but needs funds to pursue the conventional missile and nuclear weapons programs that help to keep its rulers in power by making the cost of seeking regime change unacceptable to nations that oppose its violent autocracy.

The US State Department does, however, offer a $10 million reward for information on North Korea’s state-sponsored hacking in the hope of more effectively combating North Korea’s cybercrime program.

While cryptocurrency enthusiasts wax lyrical about the anonymity the tokens offer, the reality is it’s possible to track their movement. The likes of Lazarus Group therefore leave signs of their passing as they attempt to move stolen cryptocoin.

Those attempts were spotted by ZachXBT and also noticed by crypto exchange Binance which froze accounts allegedly involved in Lazarus Group’s efforts.

The “Huobi” referred to in the Tweet above is another crypto exchange and it, too, acted to prevent Lazarus Group resurrecting the proceeds of the Harmony heist for use by the North Korean regime.

The accounts frozen by Binance and Huobi amounted to 124BTC - $2.6 million at the time of writing.

That’s a decent chunk of change to deny North Korea’s regime. And perhaps a feather in the cap for the crypto community as it battles its ongoing infosec, regulatory, fraud, and existential woes. ®

More about


Send us news

Other stories you might like