Thu, March 13

North Korea’s Lazarus Group Moves 400 ETH, Deploys New Crypto Malware

  • Lazarus Group laundered $750K through Tornado Cash on March 13.
  • New BeaverTail malware targets Solana and Exodus wallets.
  • Lazarus-linked crypto thefts hit $1.3B in 2024, doubling 2023.

North Korea’s Lazarus Group remains active in the crypto space, both moving stolen funds and deploying newly developed malware that targets developers. The group continues to steal cryptocurrency using sophisticated techniques while laundering the proceeds through other platforms.

Blockchain security firm CertiK detected on March 13 that the Tornado Cash mixing service received a 400 ETH deposit worth around $750,000. CertiK investigators linked the deposit to Bitcoin transactions that the Lazarus Group had conducted previously. The group has also routed stolen funds through decentralized exchanges such as THORChain to move large amounts without detection.


Lazarus Group carried out two major crypto heists: stealing $600 million from the Ronin network in 2022 and breaching Ronin in the same year. Data from Chainalysis shows that North Korean hackers conducted 47 crypto thefts in 2024, causing over $1.3 billion in losses, roughly double the previous year’s figure. The group’s attack on the Bybit exchange on February 21 resulted in the theft of $1.4 billion worth of digital assets.

Lazarus Deploys Malicious Packages in NPM Ecosystem

Cybersecurity researchers at Socket found six new malicious packages attributed to the Lazarus Group in the Node Package Manager (NPM) registry. The packages use typosquatting to mimic legitimate JavaScript libraries, aiming to compromise developer systems and steal sensitive information.

The malware strain, named BeaverTail, installs backdoors and steals credentials, and it specifically targets Solana and Exodus wallets. Technical analysis shows that Lazarus Group chooses deceptive package names that closely resemble well-known trusted libraries so that developers install them by mistake. Once installed, the malware can access browser data from Google Chrome, Brave and Firefox, as well as keychain data stored on macOS systems.

Developers are the main target of this attack, since they download and install the malicious packages without realizing it. The researchers could not confirm Lazarus as the direct perpetrator, although the techniques observed matched earlier Lazarus Group activity. The campaign is the group’s latest demonstration of continued attacks against crypto sector supply chains.

Lazarus Uses Advanced Tactics to Bypass Security Measures

The Lazarus Group’s growing cybercrime activity is a lasting danger for cryptocurrency platforms. The group keeps refining its tactics, using complex techniques to circumvent security controls. The research community stresses the need for stronger security practices, which developers working on cryptocurrency-related projects in particular must adopt.

The rising number of attacks in this space shows that the threat to digital asset security is escalating. Security experts warn developers and crypto firms to stay alert to new hacking techniques. The Lazarus Group’s operations highlight the highly complex nature of current cyber threats, which continues to hinder the development of the crypto industry.