Lazarus Group Moves 400 ETH to Tornado Cash
North Korea's Lazarus Group is continuing its crypto laundering operations, moving illicit funds while deploying new malicious software to target developers and steal digital assets.
On March 13, the blockchain security company CertiK detected a deposit of 400 Ethereum (ETH), worth $750,000, into Tornado Cash. The transaction was traced to Lazarus's activity on the Bitcoin (BTC) network. The group has been linked to several high-profile hacks, including the $1.4 billion exploit in February.
We have detected deposit of 400 ETH in https://t.co/0lwPdz0OWi on Ethereum from:
0xdB31a812261d599A3fAe74Ac44b1A2d4e5d00901
0xB23D61CeE73b455536EF8F8f8A5BadDf8D5af848
The fund traces to the Lazarus group's activity on the Bitcoin network.
Stay Vigilant!
— CertiK Alert (@CertiKAlert) March 13, 2025
After the hack, the group hid the stolen funds using a variety of techniques. To exchange and transfer large amounts of cryptocurrency, they used decentralized exchanges like THORChain (RUNE), which do not require identity checks.
Reports show that around $2.91 billion moved through THORChain in five days, which makes the money much harder to trace and recover.
In another wave of cyberattacks, the Lazarus Group also published six new malicious software packages on npm (Node Package Manager), a tool developers use to manage and install JavaScript packages for their projects. On March 11, the security company Socket published a report on the malware, which is designed to steal credentials and cryptocurrency wallet data.
The malware, including a package called beavertail, disguises itself as legitimate JavaScript libraries using typosquatting, where attackers slightly modify the names of trusted software to encourage developers to download it. It mainly targets credentials stored in the Chrome, Brave and Firefox browsers, as well as data in Solana and Exodus wallets.
In addition, the group has tried to deceive crypto founders using fake Zoom calls. The hackers pose as venture capitalists and send fake meeting links, then claim there are audio problems. When the victims download a supposed fix, malicious software is installed. Security researchers reported that several crypto founders have encountered these scams.
According to Chainalysis, North Korean hackers stole more than $1.3 billion in crypto across 47 attacks in 2024, more than double the amount stolen in 2023.