Bybit Hack Funds Traced to Greek Crypto Exchange

Proceeds from the historic $1.5 billion Bybit hack have been linked to an unnamed Greek crypto exchange, with authorities detecting a suspicious transaction in May. Bybit has so far recovered $42.89 million from the attack, which is attributed to North Korea’s Lazarus Group, though 7.59% of funds remain untraceable due to mixers like Tornado Cash. Greece’s Anti-Money Laundering Authority has issued a seizure order and escalated the case for legal action, signaling increased scrutiny on crypto transactions in the country. The hack’s aftermath highlights the challenges of tracking stolen crypto, especially with sophisticated laundering techniques employed by state-sponsored groups.


Lazarus Group Launders $5-10B in Crypto via Tron Black Market

ZachXBT exposes how stolen funds from recent crypto exchange hacks linked to North Korea’s Lazarus Group were laundered via illicit networks and small OTC brokers, with a Tron-based black market estimated at $5-10B. The investigator criticizes protocol teams for ignoring illicit activity, noting over 50% of some protocols’ usage may involve stolen funds. Lazarus Group has also shifted tactics, targeting CeFi job seekers with a new malware campaign called “ClickFix,” impersonating firms like Coinbase. ZachXBT warns of a “crime supercycle” with minimal accountability, urging stronger enforcement to prevent long-term damage to the crypto ecosystem.


Tether Freezes $12.3M USDT in Money Laundering Crackdown

Tether swiftly froze $12.3 million in USDT on the Tron blockchain, targeting wallets allegedly involved in money laundering and sanctions evasion. The company’s T3 Financial Crime Unit (FCU), in collaboration with Tron and TRM Labs, has blocked over $126 million in suspicious assets since late 2024, including $100 million in Q4 alone. Tether has also aligned with OFAC sanctions, freezing funds tied to entities like Russia’s Garantex and North Korea’s Lazarus Group. Additionally, Tether diversified its reserves by acquiring an $89 million stake in a gold royalty company, reinforcing its commitment to asset-backed stability. This dual strategy of strict enforcement and asset diversification aims to bolster trust in USDT amid tightening regulations.


Ethereum Foundation Backs Tornado Cash Devs in Legal Battle

The Ethereum Foundation has donated $500,000 to Tornado Cash developer Roman Storm’s legal defense, with plans to match an additional $750,000 from public contributors. This brings total community support for Storm to roughly $3 million as he faces charges of conspiring to launder over $1 billion in crypto. Separately, advocacy groups Coin Center and the DeFi Education Fund filed an amicus brief supporting Alexey Pertsev’s appeal in the Netherlands, arguing that holding developers liable for immutable smart contract code would stifle open-source innovation. Pertsev, sentenced to 64 months for money laundering, remains under electronic monitoring while his appeal proceeds. OFAC recently delisted Tornado Cash smart contract addresses after a court ruled immutable code cannot be sanctioned, though criminal cases against the developers continue.


Crypto Scammers Steal $37M, Send Funds to Cambodia

Five individuals involved in an international crypto scam have admitted to stealing $36.9 million from American victims, with proceeds sent to a crypto scam center in Cambodia. The fraudsters used shell companies and US bank accounts to collect stolen funds before converting them into Tether (USDT) and transferring them to a Cambodia-controlled wallet. The case underscores the US government’s intensified efforts to combat crypto scams and money laundering, particularly those linked to Asian operations like the North Korean Lazarus Group. Authorities continue to target such schemes to protect investors and maintain financial security.


BitMEX Exposes Lazarus Group’s Security Lapses

A recent investigation by BitMEX security researchers has exposed amateur-level operational security lapses within the Lazarus Group, a North Korean state-sponsored hacking network. The probe revealed IP address leaks, including one tied to a hacker in Jiaxing, China, and unauthorized access to a Supabase database used by the group. These findings highlight significant vulnerabilities in the cybercrime network’s infrastructure, raising concerns about their operational security and potential countermeasures.


BitMEX Thwarts Lazarus Group Phishing Attack

BitMEX disclosed a thwarted phishing attack by the Lazarus Group, a North Korean hacking collective known for targeting crypto firms. The attackers used LinkedIn to approach an employee with a fake Web3 NFT collaboration, attempting to lure them into running malicious GitHub code. BitMEX’s security team quickly identified the obfuscated JavaScript payload and traced it to infrastructure linked to North Korea. The Lazarus Group, responsible for $1.34 billion in stolen crypto in 2024, employs a mix of basic phishing and advanced post-exploitation tactics. Recent high-profile hacks, including the $1.4 billion Bybit breach, underscore the group’s evolving strategies. U.S. officials allege North Korea uses stolen crypto to fund its weapons programs, with some estimates suggesting it covers half of the regime’s missile budget.


BitMEX Exposes Lazarus Group’s Security Lapses

A recent investigation by BitMEX’s security team exposed amateur-level operational security lapses in the Lazarus Group, a North Korean state-sponsored hacking network. The probe revealed IP address leaks, including one traced to Jiaxing, China, and unauthorized access to a Supabase database used by the group. These findings highlight the group’s vulnerabilities despite its notorious reputation for high-profile cyberattacks, particularly in the crypto space. The discoveries could aid law enforcement and cybersecurity experts in tracking and mitigating future threats from the Lazarus Group.


Lazarus Group Steals $5.2M in Crypto via Malware Exploit

The Lazarus Group, a North Korean hacking collective, executed a $5.2 million cryptocurrency heist on May 24 by exploiting malware vulnerabilities in multiple wallets, including exchange wallets and externally owned accounts (EOAs). Blockchain analyst ZachXBT identified three Ethereum addresses linked to the attack, revealing a shift in the group’s focus toward independent traders rather than large institutions. The stolen funds, including 1,000 ETH, were quickly laundered through Tornado Cash and dispersed across various wallets. Recent incidents, such as the sale of 40.78 WBTC for a 251% profit, further highlight the group’s sophisticated laundering techniques. Evidence suggests Lazarus still holds over $1.1 billion in crypto assets, distributed across Bitcoin, Ethereum, and Tether, underscoring their long-term presence in the dark crypto market.


Telegram Shuts Down $27B Crypto-Fueled Black Market

Telegram has taken down Haowang Guarantee, a notorious black market that processed over $27 billion in illicit transactions, including laundered USDT, fake IDs, and tools for cyber scams. Investigators reveal that key players are migrating to successor platforms like Xinbi and Tudou Guarantee. The U.S. Treasury had previously flagged Haowang’s parent company as a money laundering concern, with ties to North Korean cyberheists and pig-butchering scams. Despite the crackdown, Elliptic warns that the cybercrime ecosystem remains active, with Xinbi alone processing $8.4 billion in suspicious funds.
