Lazarus Group’s Crypto Fortune: $47 Million Strong, Mostly in Bitcoin – But Where Are the Privacy Coins?

Ever wondered where the digital loot from major crypto hacks ends up? New data has peeled back the curtain on the cryptocurrency stash of the notorious North Korean hacking group, Lazarus Group. Buckle up, because the numbers are quite revealing!

Lazarus Group’s Crypto Treasure Chest: A Breakdown

According to a recent deep dive by Dune Analytics, powered by 21.co (the folks behind 21Shares), wallets linked to Lazarus Group are currently holding a cool $47 million in digital assets. And guess what dominates their portfolio? You got it – Bitcoin (BTC)!

Let’s break down their holdings:

• Bitcoin (BTC): A whopping $42.5 million – making it the king of their crypto castle.
• Ether (ETH): A solid $1.9 million in the second-largest cryptocurrency.
• BNB: Around $1.1 million in Binance’s native token.
• Stablecoins (Primarily BUSD): $640,000, mainly in Binance USD, offering a safe harbor from market volatility.

These figures are based on 295 wallets identified by heavy hitters like the FBI and OFAC (Office of Foreign Assets Control) as belonging to the Lazarus Group. Think of it as a digital paper trail meticulously pieced together by global authorities.

The Shrinking Stash: From $86 Million to $47 Million – What Happened?

Interestingly, Lazarus Group’s crypto war chest isn’t as full as it once was. Just a few weeks prior, on September 6th, their holdings were estimated to be around $86 million. That’s a significant drop! This decrease coincided with the aftermath of the Stake.com hack, where Lazarus was reportedly in the spotlight. Could they be moving funds, cashing out, or facing increased scrutiny?

The Privacy Coin Puzzle: Why No Monero, Dash, or Zcash?

Here’s a head-scratcher: For a group known for sophisticated cyber operations and evading detection, Lazarus Group surprisingly doesn’t hold any privacy coins. We’re talking about cryptocurrencies like Monero (XMR), Dash, or Zcash – coins designed to make transactions much harder to trace.

Why the preference for more transparent cryptos like Bitcoin? It’s a curious question. Perhaps:

• Liquidity: Bitcoin and Ether are far more liquid and easier to exchange.
• Acceptance: They might need to use these cryptocurrencies for specific purposes where Bitcoin is more readily accepted.
• Operational Security Miscalculation: Maybe they overestimate their ability to launder even traceable cryptocurrencies effectively.

Active Wallets and Ongoing Threats

Despite the scrutiny, Lazarus Group’s crypto wallets are far from dormant. Transactions are still happening, with the most recent activity recorded as recently as September 20th. This suggests ongoing operations and a continued reliance on cryptocurrency for their activities.

21.co also points out that the $47 million figure is likely a conservative estimate. Their report emphasizes, “We should note that this is a lower-bound estimation of Lazarus Group’s crypto holdings based on publicly available information.” The true extent of their digital wealth could be even larger!

Lazarus Group’s Expanding Cybercrime Portfolio

Lazarus Group’s activities extend beyond just holding crypto. They’ve been linked to a string of high-profile cyber heists, including:

• The CoinEx exchange attack, resulting in losses of at least $55 million.
• Attacks on Alphapo, CoinsPaid, and Atomic Wallet, collectively netting them over $200 million in 2023 alone, according to the FBI.

However, there’s a glimmer of good news. Chainalysis reports a significant 80% drop in crypto thefts by North Korea-linked hackers compared to the previous year. While still substantial at $340.4 million stolen by mid-September, it’s a considerable decrease from the staggering $1.65 billion pilfered in 2022. Is this a sign of increased global efforts to combat crypto crime, or just a temporary lull?

Adding to the concern, U.S. federal authorities recently issued a warning about the “significant risk” Lazarus Group poses to the U.S. healthcare sector. This highlights the group’s evolving targets and the broad scope of their malicious activities.

Key Takeaways: What Does This Mean?

The Lazarus Group’s $47 million crypto portfolio offers a fascinating, albeit concerning, glimpse into the world of state-sponsored cybercrime. Here’s what stands out:

• Bitcoin Remains King: Despite traceability concerns, Bitcoin is still the dominant cryptocurrency of choice for illicit activities, likely due to its liquidity and widespread acceptance.
• Activity Continues: Lazarus Group’s wallets are active, indicating ongoing operations and a need to manage and potentially move their digital funds.
• Evolving Threat: From crypto exchanges to healthcare, Lazarus Group’s targets are diverse, and their activities pose a significant and evolving threat to global security.

As the digital landscape continues to evolve, so too will the tactics of groups like Lazarus. Staying informed, enhancing cybersecurity measures, and international cooperation are crucial in mitigating these ever-present threats in the crypto space and beyond.