The Lazarus hacker group, which is associated with the North Korean authorities, was involved in the successful attack on the KuCoin bitcoin exchange that caused $280 million in damage. This is the conclusion reached by Chainalysis analysts.

KuCoin was hacked in November. The exchange managed to identify the suspects (it gave no details) and subsequently returned 84% of the $280 million in stolen funds.

Experts attributed the incident to Lazarus based on the money-laundering “handwriting” identified for this group in previous incidents in which it took part.

The attackers used a combination of mixers, exchange services and DeFi protocols. Funds were sent to the mixers in amounts slightly below a round number of BTC. Before sending the next batch of assets, the hackers waited for confirmation of the withdrawal of the previous payment. After mixing, the funds were sent to OTC brokers.
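The two traits described above (deposits just under a round BTC amount, each sent only after the previous one confirmed) can be combined into a screening heuristic for mixer-bound deposits. This is an added example, not Chainalysis's method or code from the article; the record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from decimal import Decimal, ROUND_CEILING

# Assumed thresholds (not from the article): how far under a whole-BTC value
# still counts as "slightly below", and how many such deposits form a pattern.
MAX_SHORTFALL = Decimal("0.01")
MIN_HITS = 3

def just_below_round(amount_btc, max_shortfall=MAX_SHORTFALL):
    """True if the amount sits within max_shortfall *below* a whole number of BTC."""
    amount = Decimal(amount_btc)
    ceiling = amount.to_integral_value(rounding=ROUND_CEILING)
    shortfall = ceiling - amount
    return ceiling >= 1 and Decimal(0) < shortfall <= max_shortfall

def serialized(deposits):
    """True if every deposit was broadcast only after the previous one confirmed."""
    ordered = sorted(deposits, key=lambda d: d["sent"])
    return all(b["sent"] >= a["confirmed"] for a, b in zip(ordered, ordered[1:]))

def flag_sources(deposits):
    """Return source clusters whose mixer deposits show both traits together."""
    by_src = {}
    for d in deposits:
        by_src.setdefault(d["src"], []).append(d)
    flagged = []
    for src, rows in by_src.items():
        hits = [r for r in rows if just_below_round(r["amount"])]
        if len(hits) >= MIN_HITS and serialized(hits):
            flagged.append(src)
    return sorted(flagged)

# Constructed sample: deposits into a mixer, times in seconds (hypothetical data).
SAMPLE = [
    {"src": "cluster-A", "amount": "0.9995", "sent": 100, "confirmed": 160},
    {"src": "cluster-A", "amount": "1.9990", "sent": 170, "confirmed": 230},
    {"src": "cluster-A", "amount": "4.9998", "sent": 240, "confirmed": 300},
    # Same amounts but sent in parallel, so not the serialized pattern.
    {"src": "cluster-B", "amount": "0.9995", "sent": 100, "confirmed": 160},
    {"src": "cluster-B", "amount": "0.9995", "sent": 110, "confirmed": 170},
    {"src": "cluster-B", "amount": "2.9991", "sent": 120, "confirmed": 180},
    # Serialized but ordinary amounts (an exact 1.0000 is not "just below").
    {"src": "cluster-C", "amount": "0.3712", "sent": 100, "confirmed": 160},
    {"src": "cluster-C", "amount": "1.0000", "sent": 200, "confirmed": 260},
    {"src": "cluster-C", "amount": "2.4500", "sent": 300, "confirmed": 360},
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

A hit from this heuristic is a lead for analyst review rather than an attribution: each trait alone is common, which is why the sketch requires both.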

Chainalysis did not rule out that the stolen funds would go toward the development of nuclear weapons.

In the diagram below, the green lines indicate the movement of ETH or tokens. Interaction with DeFi protocols is highlighted in purple.

Money laundering scheme by Lazarus Group. Data: Chainalysis.

The use of DeFi marked a shift in the Lazarus group’s money laundering strategy, experts noted. The graph below shows the distribution of stolen funds through various channels.

Distribution of stolen funds through various channels by Lazarus Group. Data: Chainalysis.

UN experts had earlier come to similar conclusions regarding Lazarus’ involvement in the KuCoin hack. They estimated that the total amount of funds stolen by North Korean hackers in the period from 2019 to November 2020 came to more than $316.4 million, including $281 million as a result of the KuCoin hack, although the exchange itself was not mentioned. It is possible that the UN used data from an analytics firm.

According to Chainalysis estimates, during 2018-2019 Lazarus managed to steal a total of $1.75 billion worth of cryptocurrency, including $48.2 million as a result of the Upbit hack.

The amount of funds stolen by the Lazarus group as a result of hacking cryptocurrency exchanges. Data: Chainalysis.

Recall that back in 2019, the UN said that North Korea attacked large crypto exchanges in order to obtain foreign currency and thus mitigate the consequences of international sanctions. Analysts claimed that with the help of these attacks, the DPRK stole about $2 billion.

North Korea denied the accusations.

In 2020, experts said that the DPRK uses cryptocurrency worth $1.5 billion to finance international trade and supply chains, bypassing sanctions.

According to the US Army, there are more than 6,000 hackers working under the leadership of North Korea around the world.