Lazarus Group’s Money Laundering Tactics Evolve with YoMix and Cross-Chain Bridges: Chainalysis Report
In Brief
Lazarus Group utilizes mixer protocol YoMix and cross-chain bridges for money laundering, claims a new Chainalysis report.
Cybercrime group run by the government of North Korea, Lazarus Group, known for its cyberattacks targeting various cryptocurrency companies such as Harmony, Coincheck, Atomic Wallet, among others, transitioned to a new mixer protocol, YoMix, from the previously used Tornado Cash.
According to a recent blockchain analysis firm Chainalysis report, North Korean hackers are switching to new money laundering methods, increasingly utilizing cross-chain bridges in their illicit activities.
During 2023, funds flowing into YoMix increased fivefold, with approximately one-third originating from wallets linked to cryptocurrency hacks. The report says that the growth of YoMix and its adoption by the Lazarus Group serves as a “prime example” of sophisticated actors’ ability to adapt and identify alternative obfuscation services in response to the shutdown of previously popular ones.
The Lazarus Group has also incorporated the use of cross-chain bridges as bridging protocols, which gained substantial popularity among cybercriminals. In 2023, they received a total of $743.8 million worth of cryptocurrency from addresses associated with criminal activities, marking a twofold increase compared to the $312.2 million recorded in 2022.
Notably, hackers affiliated with North Korea have been among those to utilize bridges for money laundering the most.
Centralized Exchanges and DeFi Platforms Gain Traction as Money Laundering Sources
In 2023, blockchain wallets associated with illicit activities facilitated the transfer of $22.2 billion in cryptocurrency to different platforms and services designed to obscure the origin of funds, such as exchanges, mixers, and decentralized finance (DeFi) platforms. However, this number is notably lower than the $31.5 billion reported by Chainalysis in 2022.
Overall, cryptocurrency mixers experienced a decline in popularity among cybercriminals. In 2023, these platforms received $504.3 million worth of cryptocurrency from addresses associated with illicit activities, marking a decrease from the $1 billion recorded in 2022.
According to Chainalysis, centralized exchanges have consistently been the primary recipients of illicit funds for the past five years. In 2023, approximately 71.7% of all illicit transactions were directed to only five centralized platforms. Chainalysis data reveals that 109 exchange deposit addresses individually received over $10 million worth of illicit cryptocurrency, totalling $3.4 billion for 2023.
“While that still represents significant concentration, in 2022, only 40 addresses received over $10 million in illicit crypto, for a collective total of just under $2 billion,” Chainalisys highlights.
The level of concentration varies across different types of cybercrime. Notably, vendors involved in ransomware and the distribution of child sexual exploitation materials exhibit a high degree of concentration, with more than half of all funds directed to just seven deposit addresses. In contrast, online scammers and darknet vendors tend to utilize a more diverse range of deposit addresses for their illicit funds.
“Overall, it’s possible that crypto criminals are diversifying their money laundering activity across more nested services or deposit addresses in order to better conceal it from law enforcement and exchange compliance teams. Spreading the activity across more addresses may also be a strategy to lessen the impact of any one deposit address being frozen for suspicious activity,” the report concluded.
As Chainalysis indicates, the cybersecurity landscape is witnessing a dynamic shift in tactics, with cybercriminals adopting new techniques for money laundering, signifying continuous changes in their behaviour. Such evolution emphasizes the need for adaptive measures to prevent illicit activities and promote safety in the cryptocurrency space.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articlesAlisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.