North Korea's Lazarus Group continues its illicit cryptocurrency activity, including laundering stolen funds and staging fraudulent Zoom calls against executives.
Blockchain security firm CertiK announced on March 13 that Lazarus Group deposited 400 ETH, worth $759,444, into the Tornado Cash mixing service, which digital asset owners often use to hide the origins of their assets. The group continues its money laundering despite the stronger security measures the industry has now adopted. CertiK also published an alert to protect internet users against new methods used by hackers.
Lazarus Group, known for its extensive cybercriminal activity, stole $624 million via a Ronin Network exploit in 2022 and remains connected to other major crypto theft events. In February, Lazarus Group attempted to steal $1.4 billion from Bybit in a new cybercrime.
Lazarus Group Launders Millions
As stolen cryptocurrency enters the market, security experts note that the hackers now aim to use malware to break into cryptocurrency development teams. For several months, North Korean cybercriminals have used Node Package Manager (NPM) supply chain attacks, planting malware in NPM software libraries before attacking crypto wallets and data servers.
North Korean hackers usually target the major cryptocurrency wallets MetaMask, Exodus, and Atomic. The malware goes after digital assets and private data, harming both developers and users.
In addition to its hacking expertise, Lazarus Group now uses social engineering. Security Alliance researcher Nick Bax detected a new trend in which cybercriminals pretend to be venture capitalists to gain entry to crypto firms.
Bax explains that the hackers set up Zoom meetings and then simulate technical problems to steer executives toward fraudulent links. Users who click the link download malicious software that harms their computer system.
According to Bax, the overall financial losses related to this method reach double-digit millions, and other attackers are replicating the approach. Several senior Pixelmon officials, including CEO Giulio Xiloyannis, identified themselves as victims of the attacks.
Lazarus Group Targets Zoom Calls
Xiloyannis noticed something was wrong when the Zoom meeting opened in a web browser instead of the application while an unknown program attempted to install code on his terminal. Many industry professionals, including Christoph Mussenbrock of Etherisc and Melbin Thomas of Devdock AI, nearly fell prey to these scams and escaped only at the last moment.
The culprits behind the thefts have not been found yet, but Chainalysis research links the attacks to North Korea. According to the firm's research, North Korean hacking groups transferred $1.34 billion through 47 thefts in 2024 and gathered 61% of all crypto theft funds that year.
Leading experts rank North Korea as a top nation-state in digital currency laundering, because its operators build complex web-based deceptions and use advanced theft tools to shield themselves from international sanctions.
Organizations working on cybersecurity and regulation are stepping up their checks to fight state cybercriminals. Those working in the industry must take every precaution when using online platforms to talk with unknown business contacts.