Norwegian authorities seize $5.84M worth of crypto stolen by North Korean hackers

Posted on February 21, 2023 at 8:50 PM

Norwegian law enforcement authorities have announced they have seized 60 million NOK, equivalent to around $5.84 million, worth of cryptocurrencies stolen by the North Korean hacking group Lazarus. The seized cryptocurrency was part of the money stolen by the group after breaching the Axie Infinity Ronin bridge.

Norwegian authorities seize $5.84M worth of crypto

The seizure was made by the Norwegian Police agency known as Økokrim. The Oslo-based police agency issued a statement on the seizure. The case showed that the crime-fighting unit could follow the money on the blockchain despite criminals turning towards advanced methods.

This seizure comes more than ten months after the US Treasury Department implicated the North Korea-based hacking group in the theft of $620M worth of crypto assets from the Ronin bridge. In September last year, the US government announced a recovery of over $30 million worth of cryptocurrencies, around 10% of the value of the stolen crypto.

The police agency also said it partnered with international law enforcement authorities to trail the movement of these funds. Additionally, the efforts being made by law enforcement authorities were making it challenging for threat actors to conduct malicious activities.

It further stated that the money these hacking groups stole went towards supporting the North Korean nuclear weapons program. The use of stolen crypto assets to fund the country’s missile program was also reported by the United Nations.

The crypto assets’ confiscation also comes around the same time the Binance and Huobi cryptocurrency exchanges froze accounts that contained around $1.4 million worth of crypto assets stolen during the Harmony Horizon bridge hack.

The exploit on Harmony was also linked to the Lazarus hacking group. The group laundered part of the stolen crypto using the Tornado Cash crypto mixer. The US government sanctioned the mixer in August last year.

Blockchain analytics company Elliptic issued a statement last week saying that the stolen cryptocurrencies remained dormant until recently. The investigating team started to see the funds being channeled using complex transaction chains to cryptocurrency exchanges.

North Korean hackers are using a new mixer tool

There are indications that the North Korean hackers are using a new mixer tool. Blender was sanctioned in May last year, but there are reports that the mixer was recreated as Sinbad. Sinbad was used to launder nearly $100M worth of Bitcoin from hacking attacks by the Lazarus group.

The company said the funds stolen after the Horizon bridge hack were laundered in transactions involving exchanges, crypto mixers, and cross-chain bridges. Tornado Cash was one of the mixers used to launder the funds, but a new mixer known as Sinbad was also used.

Sinbad is a new crypto mixer service launched in early October last year. This mixer has already been used to launder tens of millions of dollars worth of crypto assets from hacks conducted by North Korean hackers.

During the two months from December 2022 to January 2023, the Lazarus group sent around $24.2 million worth of Bitcoin to the Sinbad mixer. Investigations into this mixer show that Sinbad is most likely a rebrand of Blender because of similarities in the wallet used and how the two mixers operate.

The creator of Sinbad is known as “Mehdi,” and in an interview with WIRED, he said that the service was released because of the growing level of centralization in the cryptocurrency industry. According to the creator, Sinbad was a privacy project similar to Monero, Zcash, Wasabi, and Tor.

Despite mixers being used to maintain privacy in financial transactions, they are also being exploited by hackers to launder the proceeds of hacking attacks such as the ones launched by the Lazarus group.

These findings also come as healthcare entities feel the effects of the ransomware attacks being launched by the Lazarus threat actors to raise illicit revenues for North Korea. In some cases, the proceeds of these hacking attacks are used to fund other hacking campaigns such as espionage in South Korea and the US.

Law enforcement authorities are yet to stop the hacking attacks conducted by the group because it uses evolving tactics, such as deploying anti-forensic techniques to erase traces of its hacking and obstruct investigations. According to researchers, this hacking group has been using techniques such as hiding data, wiping any traces and obfuscating their online activity.
