North Korea’s state-sponsored hacking group Lazarus has engaged in sophisticated targeted attacks on cryptocurrency businesses. On April 14, 2022, the F.B.I. and the U.S. Treasury Department - through the sanctions designation of an Ethereum address associated with Lazarus - tied North Korea to the March 2022 $600 million hack of the Ronin bridge associated with the popular play-to-earn game Axie Infinity.
In February 2022, the Center for a New American Security (CNAS) published a paper titled “Following the Crypto: Using Blockchain Analysis to Assess the Strengths and Vulnerabilities of North Korean Hackers.” The report, produced in collaboration with TRM, focuses on the way North Korea attacks cryptocurrency businesses and launders the stolen funds. According to the report, “Since 2014, the Pyongyang-led cybercrime organization known as the Lazarus Group has transformed from a rogue team of hackers to a masterful army of cybercriminals and foreign affiliates, capable of compromising major national financial networks and stealing hundreds of millions of dollars’ worth of virtual assets.”
We know that North Korea has taken to the digital battlefield and that cryptocurrency is the target. We know that North Korea engages in sophisticated hacking techniques and relies on social engineering to evade cybersecurity controls. But what can we learn from the report about the ways in which DPRK cybercriminals launder stolen funds? TRM Talks to experts on the matter to find out.
Jason Bartlett, Research Assistant, CNAS
Aaron Arnold, Senior Associate Fellow, RUSI
Alex Zerden, Principal Founder, Capitol Peak Strategies
Nick Carlsen, former FBI expert on North Korea, now Global Investigations, TRM Labs