Key Points
- Four major stablecoin issuers have frozen nearly $5 million in stablecoins linked to the North Korean state-sponsored Lazarus hacking group, following an investigation by blockchain analyst ZachXBT.
- The investigation revealed that the Lazarus Group had laundered over $200 million in cryptocurrency into fiat currency over a three-year period, stemming from 25 separate exploits across various blockchains.
Background on the Lazarus Group
The Lazarus Group, a notorious North Korean state-sponsored hacking organization, has been a significant threat in the cryptocurrency space for years. Known for its sophisticated cyberattacks, the group has been responsible for numerous high-profile cryptocurrency heists, targeting exchanges, DeFi protocols, and other blockchain-based platforms.
ZachXBT’s Investigation
Blockchain sleuth ZachXBT, in collaboration with employees from MetaMask, Binance, TRM Labs, and Five I’s LLC, conducted an extensive investigation into the Lazarus Group’s activities. The investigation uncovered a complex money laundering operation that spanned three years and involved:
- 25 separate exploits on various blockchains
- The use of multiple peer-to-peer marketplace accounts to cash out stolen funds
- The laundering of over $200 million in cryptocurrency into fiat currency
Stablecoin Issuers Take Action
Following ZachXBT’s findings, four major stablecoin issuers took decisive action:
- Tether (USDT)
- Circle (USDC)
- Techteryx (TUSD)
- Paxos (BUSD)
These issuers collectively froze nearly $5 million in stablecoins held in two wallet addresses linked to the Lazarus Group. ZachXBT confirmed this action in a statement on X (formerly Twitter), saying:
“As of today all four stablecoin issuers (Paxos, Tether, Techteryx, Circle) have now blacklisted the two addresses below with $4.96M from Lazarus Group. Another $1.65M is frozen at various exchanges bringing the total frozen from my investigation to $6.98M.”
Remaining Unfrozen Assets
While the stablecoin freeze represents a significant blow to the Lazarus Group’s operations, it’s worth noting that not all assets in the identified wallets have been frozen:
- Approximately $720,000 worth of DAI stablecoin remains unfrozen
- About $313,000 worth of Ethereum is still accessible
Implications and Industry Response
This coordinated action by stablecoin issuers demonstrates the cryptocurrency industry’s growing ability to respond to security threats and illicit activities. It also highlights the importance of blockchain analysis in tracking and mitigating cybercrime in the crypto space.
However, ZachXBT raised concerns about the response time of some issuers, particularly Circle, which reportedly took 4.5 months to freeze the tokens. This delay underscores the ongoing challenges in rapidly responding to identified threats in the cryptocurrency ecosystem.
As the industry continues to mature, the collaboration between blockchain analysts, cryptocurrency companies, and law enforcement agencies will likely play an increasingly crucial role in combating sophisticated cyber threats like the Lazarus Group.