Lazarus hackers used a little-known bitcoin mixer to launder millions of dollars
The North Korean hacker group Lazarus, known for its numerous large-scale cryptocurrency thefts, has switched to using the YoMix bitcoin mixer to launder stolen funds, according to a report by the analytics company Chainalysis. Experts noted that the criminal group adapted its money laundering methods after some governments imposed sanctions on a number of crypto mixers that the hackers had used before.
The cryptocurrency mixer YoMix recorded a significant inflow of funds in 2023, which, according to experts, is not due to the growing popularity of the service, but primarily to the malicious activities of Lazarus. Cryptocurrency laundering is only one part of the North Korean hackers’ operations, one that is important for financing the group’s activities and North Korea’s nuclear weapons program.
In recent years, Lazarus has carried out a series of the largest cryptocurrency thefts: the Ronin Network (Axie Infinity) hack in March 2022 worth $625 million, the Harmony Horizon hack in June 2022 with a loss of $100 million, and the Alphapo theft in July 2023, when $60 million worth of cryptocurrency was stolen.
From January 2017 to December 2023, North Korean hacker groups, including Lazarus, Kimsuky, and Andariel, stole a total of about $3 billion in cryptocurrency. The stolen funds were transferred through various mixing services.
The US Treasury Department has previously sanctioned some of these platforms, including Blender, Tornado Cash, and Sinbad. Nevertheless, after each sanction, Lazarus found a new platform for its transactions.
In addition, analysts have found that in 2023, cryptocurrency wallet addresses marked as suspicious sent $22.2 billion to cryptocurrency services, which is significantly less than the $31.5 billion in 2022. However, the use of bridges between blockchains has increased significantly: up to $743 million in 2023, compared to $312 million in 2022.